A few hours ago, the Coinbase backed cross chain bridge has been hacked and lost close to $200M. The hack started earlier today at 9:30 GMT, following an exploit in the bridge.

The hackers first moved wrapped bitcoin (WBTC) and later on stable coin (USDC). It is impossible to determine if the work was done by a group of experts or a single individual.

Is the Nomad Crosschain Bridge Team Aware of the Hack?

The Nomad Crosschain Bridge team has taken to discord and twitter to inform users that it is aware of the happenings. The team is looking into this hack. It is a sad occurrence for Nomad Crosschain Bridge because it raised close to $22M this year following OpenSea and Coinbase backings.

The Nomad Crosschain Bridge team has reported to Coindesk a few hours ago, acknowledging the hack. The team says it is conducting an investigation using top Blockchain forensics and intelligence firms.

Nomad has also informed the law enforcement agencies concerning the hack. Nomad's goal is to identify the affected accounts and try to recover the funds.

How did the Nomad Bridge Hack Happen?

Crosschain Bridge hacks have become more common. Bridges help users trade cryptocurrency across different blockchains, for example from Ethereum to Binance.

A recent update by Nomad Crosschain Bridge rendered the bridge vulnerable. Bridges complete token exchange by wrapping the original token to enable it trade on another chain, for example, optimism wraps Ethereum to Wrapped Ethereum for users in Binance Network.

The recent upgrade left a fatal flow within the Replica contract. During the Nomad Crosschain bridge upgrade, the team initialized the trusted root to be a 0x00.It is common practice, however, this made nomad auto approve every message.

The hack did not need any knowledge of coding languages like solidity or Markle trees, you simply needed to find a transaction that worked, replace the other person's address with yours, and then rebroadcast.

Attackers abused this copy-paste transaction and stole up to $200M.