$190 million stolen via vulnerability in Nomad smart contract

A vulnerability in the crypto bridge Nomad, introduced during maintenance, has resulted in the theft of $190 million worth of cryptocurrency, Coindesk reports. Nomad is a protocol that allows users to exchange tokens between different blockchains. When a user wants to transfer cryptocurrency from one blockchain to another, the bridge puts it in a smart contract on one blockchain and issues the tokens in a “wrapped” form on the other blockchain. If the smart contract where the tokens were initially located contains a vulnerability, the wrapped tokens are no longer backed.

A configuration error in the smart contract that Nomad uses to process messages appears to have allowed users to fake transactions and withdraw money from the bridge that did not belong to them. During a routine upgrade, the Nomad team set the value of the trusted root to 0x00, which automatically approved each message, researcher Sam Sun explains. Taking advantage of this only required finding a transaction that had worked, replacing the other person's address in it with one's own address, and retransmitting it.

Because of the simplicity of the exploit, it was subsequently abused on a large scale by bots, among others. As a result, the $190 million that the bridge contained could be stolen. Nomad has launched an investigation into the theft.
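The following Python model is an added illustration of how trusting a zero root can approve every message, alongside a hardened check; it is not Nomad's contract code. It assumes the verifier records, per message, the root it was proven under and that an unproven message reads back as zero (as an unset storage slot would); all names and sample values are hypothetical.

```python
import hashlib

ZERO_ROOT = b"\x00" * 32  # value an unset 32-byte storage slot reads back as


class BridgeVerifier:
    """Hypothetical model: a message is accepted if the root it was proven
    under is in the trusted set. Not Nomad's code."""

    def __init__(self, trusted_root: bytes, hardened: bool = False):
        if hardened and trusted_root == ZERO_ROOT:
            raise ValueError("refusing to trust the zero root")
        self.hardened = hardened
        self.trusted_roots = {trusted_root}
        self.proven_under = {}  # message hash -> root it was proven against

    def prove(self, msg_hash: bytes, root: bytes) -> None:
        # Merkle proof checking is omitted; assume the proof was valid.
        self.proven_under[msg_hash] = root

    def accepts(self, msg_hash: bytes) -> bool:
        # Assumption: like a contract mapping, a missing entry reads as zero.
        root = self.proven_under.get(msg_hash, ZERO_ROOT)
        if self.hardened and root == ZERO_ROOT:
            return False  # "never proven" must not be a valid root
        return root in self.trusted_roots


def run_model() -> dict:
    # Constructed sample data, not real bridge messages or roots.
    real_root = hashlib.sha256(b"constructed-merkle-root").digest()
    proven = hashlib.sha256(b"constructed message A").digest()
    unproven = hashlib.sha256(b"constructed message B").digest()

    misconfigured = BridgeVerifier(ZERO_ROOT)
    correct = BridgeVerifier(real_root, hardened=True)
    correct.prove(proven, real_root)
    try:
        BridgeVerifier(ZERO_ROOT, hardened=True)
        zero_config_blocked = False
    except ValueError:
        zero_config_blocked = True
    return {
        "misconfigured_accepts_unproven": misconfigured.accepts(unproven),
        "hardened_accepts_unproven": correct.accepts(unproven),
        "hardened_accepts_proven": correct.accepts(proven),
        "zero_config_blocked": zero_config_blocked,
    }
```

The two guards are independent: one refuses the zero value at configuration time, the other refuses it at verification time, so an upgrade script that slips past the first is still caught by the second.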