Nomad releases bridge relaunch guide after patching contract vulnerability

Published at: Dec. 8, 2022

The Nomad token bridge announced its relaunch guide after fixing the contract vulnerability that led to a $190 million exploit in August. According to a blog post from Dec. 7, the Nomad protocol will allow users to bridge back madAssets and access a pro-rata share of recovered funds. 

The Nomad team also redesigned the token bridge, the company said, explaining that without this redesign, the "first people to bridge back their madAssets would receive canonical tokens on a one-to-one basis until there were no canonical tokens left."

To avoid this first-come, first-served approach, the team changed the protocol to give users the ability to bridge back and access a pro-rata share of recovered funds, to ensure the tokens accessed from bridging back are in the original token, and to provide a mechanism for impacted users to access future recovered funds. The company stated:

"Given the scope of these changes, a full audit of the smart contracts was completed along with an additional re-review of any remediations with our auditors."

Users seeking to access recovered funds must complete a Know Your Customer (KYC) and Anti-Money Laundering (AML) verification process and link their wallet addresses to their Coinlist account, the blog post noted.

After successfully completing the first step, users will be able to bridge madAssets back to Ethereum and receive a unique nonfungible token (NFT) that accounts for the type and quantity of assets that can be bridged back. The NFT will grant access to a portion of a bridged asset equal to the recovered percentage.

As reported by Cointelegraph, bad actors discovered a security loophole in Nomad’s smart contracts in August, allowing them to extract funds via dubious transactions. A Coinbase analysis later revealed that hundreds of copycats joined the hackers by copying the same code but modifying recipient addresses, token amounts, and target tokens.

Nomad is a token bridge that allows transfers of tokens between Avalanche, Ethereum, Evmos, Milkomeda C1, and Moonbeam chains. As of August, only 20% of the stolen funds, nearly $37 million, had been recovered. The company's official website still asks white hats to return tokens.
