In one of the most significant attacks since the one on Axie Infinity's Ronin Bridge sidechain in March, a vulnerability in the Nomad token bridge enabled hackers to steal around $190 million from the bridge.
“The situation concerning the Nomad token bridge is known to us. We are conducting an investigation and will offer updates as they become available,” Nomad tweeted on Monday afternoon.
The Nomad bridge is a protocol that enables users to transfer digital assets between blockchains, such as Avalanche (AVAX), Ethereum (ETH), Evmos (EVMOS), Milkomeda C1, and Moonbeam (GLMR).
Some have pointed to a setup issue in a smart contract that Nomad uses to handle messages as the source, which allowed Nomad’s liquidity pool to be drained of millions of dollars.
Sam Sun, a researcher at crypto investment company Paradigm, tweeted, “It all began when @officer_cia retweeted @spreekaway’s tweet in the ETHSecurity Telegram channel. Even though I did not understand what was happening at the time, the sheer number of assets departing the bridge was a warning indication.” (@samczsun, August 1, 2022)
“It turns out that after a regular upgrade…” Sun said. “The Nomad team set the trusted root value to 0x00. To be clear, it is standard practice to use zero values as startup values. Unfortunately, it had the minor effect of automatically proving every message.”
Sun compared what followed to “a frenetic free-for-all” since it required minimal technical understanding to exploit the vulnerability.
“You didn’t need to know about Solidity, Merkle Trees, or anything like that,” Sun wrote. “All you had to do was discover a successful transaction, find/replace the other person’s address with your own, and rebroadcast it.”
Similarly, blockchain security company CertiK warned that the flaw might be exploited by simply copying and pasting transactions. The company noted that the update might be exploited “by duplicating the original hacker’s transaction call data and substituting the original address with their own.”
“All credit goes to @samczsun for diagnosing the exact vulnerability in his postmortem. How did the first decentralized, mass theft of a nine-figure bridge occur?” foobar (@0xfoobar) tweeted on August 2, 2022.
Thus, virtually all of the bridge’s funds were depleted.
“Nomad’s bridge was compromised similarly to Qubit’s QBridge,” a16z security engineer Matt Gleason (@mg_486662) tweeted on August 2, 2022. “An insecure setup of the bridge allowed any transaction to be delivered over a specified path. The problem occurs within the ‘process’ function of the Replica.”
“The system will take any message it has never seen before and process it as if it were authentic, so all you have to do is ask for all the bridge’s money,” he continued.
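The failure mode the researchers describe can be modelled in a few lines. This is an added example, not Nomad's contract code: the class, method and flag names are hypothetical, Merkle proof verification is replaced by a caller-supplied root, and the model assumes a never-proven message reads back the zero default, as an unset storage slot does.

```python
import hashlib

ZERO_ROOT = b"\x00" * 32  # value an unset storage slot reads as


def digest(message: bytes) -> bytes:
    return hashlib.sha256(message).digest()


class Replica:
    """Toy replica: remembers which root each message was proven under."""

    def __init__(self, trusted_roots, reject_zero_root: bool = False):
        self.trusted_roots = set(trusted_roots)
        self.proven_under = {}  # message digest -> root
        self.processed = set()
        self.reject_zero_root = reject_zero_root

    def prove(self, message: bytes, root: bytes) -> None:
        # Assumption: Merkle proof checking happened elsewhere and yielded `root`.
        self.proven_under[digest(message)] = root

    def process(self, message: bytes) -> bool:
        d = digest(message)
        if d in self.processed:
            return False  # identical message already handled
        # A never-proven message has no entry, so its root reads as zero.
        root = self.proven_under.get(d, ZERO_ROOT)
        if self.reject_zero_root and root == ZERO_ROOT:
            return False  # guard: "no proof" must never match a trusted root
        if root not in self.trusted_roots:
            return False
        self.processed.add(d)
        return True


def run_scenarios() -> dict:
    real_root = digest(b"constructed merkle root")
    proven = b"constructed: pay 100 to 0xAAAA"
    unproven = b"constructed: pay 100 to 0xBBBB"  # recipient swapped, never proven
    out = {}
    for name, replica in [
        ("misconfigured", Replica({real_root, ZERO_ROOT})),
        ("guarded", Replica({real_root, ZERO_ROOT}, reject_zero_root=True)),
        ("healthy", Replica({real_root})),
    ]:
        replica.prove(proven, real_root)
        out[name] = (replica.process(proven), replica.process(unproven))
    return out
```

Each result is a pair (proven message accepted, unproven message accepted); only the replica that trusts the zero root without a guard accepts the message that was never proven.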
According to the FTC, hacks targeting cryptocurrency projects have taken over $1 billion since 2021.