Dozens of hackers converged on trading platform Nomad to drain nearly $200 million in digital assets held by the U.S. cryptocurrency firm in an attack described by an observer as a “frenzied free-for-all.”
The attack, discovered late Monday afternoon, vaults Nomad into the upper tier of cross-chain bridge hacking victims. Cross-chain bridges perform a vital cryptocurrency service by allowing users to exchange digital assets, such as crypto tokens, between multiple, otherwise siloed blockchains.
Blockchain security experts say the attack occurred after Nomad updated its smart contracts and inadvertently made it easy to spoof transactions by failing to verify the amount of digital assets being exchanged.
The attackers stole at least $190.7 million and laundered at least $6 million via cryptocurrency mixer Tornado Cash, blockchain security firm PeckShield tells ISMG. Nomad has ceased operations and at the time of writing, close observers estimate that less than $10,000 remains in Nomad.
