Cryptocurrency bridge Nomad which enables users to exchange tokens between blockchains is the most recent victim of a ferocious attack that occurred on Monday and depleted about $200M million of its holdings.
The cross-chain messaging protocol allows users to transfer tokens across the Avalanche (AVAX), Ethereum (ETH), Evmos (EVMOS), Moonbeam (GLMR), and Milkomeda C1 blockchains, was exploited in a security loophole that costs it around $190.7 million in crypto, according to the independent financial tracking website DeFi Llama.
On August 1st, the Nomad official Twitter account acknowledged the hack, originally referring to it as an “incident” that was being locked into. Nomad issued a second statement early on Tuesday morning, stating that the team was “working around the clock to address the matter” and that police enforcement had also been alerted.
Nomad has not yet verified how the money was stolen by hackers. However, in another Twitter post by Samczsun, the security director at Web3 investment company Paradigm, disclosed the recent upgrade to one of Nomad’s smart contracts makes it simpler for users to counterfeit transactions. This implied that Nomad did not validate the amount when users transferred money from one blockchain to another, allowing users to withdraw money that was not theirs.
The attack was a “free-to-all” that people flocked to exploit the opportunity once word had spread. In contrast to most bridge attacks where a single culprit is responsible for the incident, 80% of the stolen assets worth $152 million were transferred to more than 41 addresses.
Look at the brighter picture, though, the stolen funds could be retrieved by white hats who drained the asset preventively. For now, they have successfully reclaimed about $9 million, 4.8% of the stolen asset.
It is crucial for those who are worried about the safety of their assets to be aware of the dangers associated with virtual media. The Solana fiasco over the past few days has amply illustrated this disorder. But more than that, it is the lessons behind the incidents that should get attention.
This is especially true with companies running their digital assets on virtual machines, instead of an outright “robbery”, they are faced with a variety of dangerous threats from system crashes, hardware failure, human misoperation, natural disasters, and cyberattacks. A slight service outage may lead to economic losses and unpredictable reputation damage.
Data security is the top priority. That’s why saving a copy of your crucial data is so important, which brings business back to normal in case of accidents. A trustworthy backup solution for VMs is a solid choice for enterprises. Vinchin Backup & Recovery is a data protection solution for 10+ virtualizations such as VMware, XenServer, RHV, etc. with easy backup and recovery features.
Fast VM Backup for Maximal Efficiency: Armed with CBT/SpeedKit-enabled incremental backup and the most appropriate transmission modes (HotAdd for VMware, LAN-Free with no bandwidth consumption, LAN, and more) under the multi-threaded transmission, the backup speed reached its highest potential and maximizes the work efficiency.
Vinchin Backup Storage Protection against Ransomware: Vinchin develops the Hyper-V backup storage protection to safeguard backups saved in Vinchin server with the real-time IO that rejects requests from unauthorized accesses except for the Vinchin applications. The daemon process would also protect Vinchin applications by preventing disguised malware.
Instant Recovery with Offsite Backup Copy: Apart from local backups, Vinchin Backup & Recovery allows users to keep additional offsite backup copies in a remote location for emergencies. You can quickly establish a DR center with them. And for the almost seamless business continuity, the instant recovery recovers a failed workload in 15s.
Cybercrimes never stop and victims like Nomad won’t be the last. Any amount of data loss can jeopardize our critical information and even ruin the entire business. If anything is left for us to do, it’d be data cloud backup. It is one of the safest methods to ensure our data is protected. You can download the full-featured free trial with 60 days and back up now.