Decentralized Robbery: Dissecting the Nomad Bridge Hack and Following the Money


In this blog post, Mandiant takes a deeper look into how the Nomad bridge smart-contract was exploited and analyzes the on-chain transactions post-compromise using cybercrime prevention company Cyber Team Six’s (CT6) blockchain investigative software, CryptoVoyant.

Background
In early August 2022, the public observed yet another bridge attack, this time against the Nomad token bridge—a “bridge” allows interoperability between two blockchains and is further described in this post. In this case an update to the bridge’s smart contract led to a state where specially crafted transactions would be processed without proper validation.

Attacks against cryptocurrency bridges resulted in the theft of over $1.3 billion in 2022. Notable examples include the Ronin bridge attack in March 2022 (~600 million stolen), the Harmony bridge attack in June 2022 (~$100 million stolen), and the more recent Binance Smart Chain attack in October 2022 (~$568 million stolen).

Read more…
Source: Mandiant