
This past week saw a significant decline for most DeFi top 100 tokens. Price action was mixed, and two significant DeFi ecosystems were hit with one million-dollar exploit after another. Solana (1) and Nomad Bridge (2) were victims of a decentralized heist attack. Nomad's cross-chain token bridge had almost $190 million siphoned out of it, and in the Solana ecosystem the perpetrators completely emptied thousands of wallets.

According to analytical data, DeFi's total market capitalization increased by about $9 billion over the previous week, posting revenues of $79.4 billion. However, many of the top 100 tokens in market capitalization experienced shocking declines, while others saw double-digit price increases.

Yearn.finance YFI (3), which gained 20% over the previous week, came in first among the top 100 gainers, followed by Lido DAO (LDO) (4), which had a spike of 16%, Fantom FTM, which saw a price increase of 10%, and PancakeSwap CAKE (5), which saw an increase of 8% on this weekly chart.

What exactly happened with Nomad and Solana?

A critical security flaw in the Nomad Token Bridge allowed hackers to systematically drain a considerable percentage of the bridge's funds over a long series of transactions. Separately, a massive wallet drain on Solana affected almost 8,000 users and dented the DeFi sector.

Nomad Bridge Attack:

Nomad is a cryptocurrency "bridge" that connects several blockchain networks, making it easier for users to move tokens across platforms, such as from Solana to Ethereum (6).

When a user deposits tokens, the bridge generates an equivalent value in a wrapped state at the other end. Wrapped tokens represent a claim on the original tokens, allowing users to trade on multiple platforms rather than only on the parent platform.

Bridges are regarded as top targets for hackers because of the vast quantity of assets they store, the notion that those assets are locked within the ecosystem, and the flaws that make them vulnerable to attacks. As a bridge accumulates a sizable sum of money, hackers look for flaws that would let them steal it.

Over 40 hackers participated in this attack on Nomad, regarded as the eighth largest cryptocurrency attack of all time. One significant hacker alone made just under $42 million from the attack. All of this occurred as a result of a bug in Nomad's code that allowed hackers to access the ecosystem and steal tokens valued at almost $190 million.

Even if there wasn't a lot of money on deposit, attackers could access any value in the system and remove assets. Because of the nature of the flaw, attackers did not need programming knowledge to exploit the system, and once others found the catch, many more joined in and launched the same attack.
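The lock-and-mint accounting described above gives defenders an invariant to monitor: every mint or release must be backed by exactly one matching deposit or burn, and wrapped supply must never exceed locked collateral. The following is an added example, not code from Nomad or from the original article; the event kinds, field names and sample events are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events, not real chain data; field names are assumptions.
# lock = deposit on origin chain, mint = wrapped tokens issued on destination,
# burn = wrapped tokens destroyed to redeem, release = originals paid back out.
SAMPLE_EVENTS = [
    {"kind": "lock",    "msg": "m1", "asset": "USDC", "amount": 100},
    {"kind": "mint",    "msg": "m1", "asset": "USDC", "amount": 100},
    {"kind": "burn",    "msg": "m2", "asset": "USDC", "amount": 40},
    {"kind": "release", "msg": "m2", "asset": "USDC", "amount": 40},
    {"kind": "release", "msg": "m3", "asset": "USDC", "amount": 50},  # no burn
    {"kind": "mint",    "msg": "m4", "asset": "WETH", "amount": 5},   # no lock
    {"kind": "lock",    "msg": "m5", "asset": "WETH", "amount": 2},
    {"kind": "mint",    "msg": "m5", "asset": "WETH", "amount": 3},   # wrong amount
]

BACKED_BY = {"mint": "lock", "release": "burn"}  # outbound -> required inbound
EFFECT = {"lock": ("locked", 1), "release": ("locked", -1),
          "mint": ("wrapped", 1), "burn": ("wrapped", -1)}

def reconcile(events):
    """Check an ordered event stream; return (alerts, shortfall per asset)."""
    inbound, consumed, alerts = {}, set(), []
    totals = {"locked": defaultdict(int), "wrapped": defaultdict(int)}
    for ev in events:
        kind, msg, asset, amount = ev["kind"], ev["msg"], ev["asset"], ev["amount"]
        need = BACKED_BY.get(kind)
        if need is None:                      # lock or burn: remember it
            inbound[(kind, msg)] = (asset, amount)
        elif (need, msg) not in inbound:
            alerts.append((msg, f"{kind} without prior {need}"))
        elif (need, msg) in consumed:         # same message used twice
            alerts.append((msg, f"{kind} replays an already used {need}"))
        elif inbound[(need, msg)] != (asset, amount):
            alerts.append((msg, f"{kind} does not match its {need}"))
        if need is not None and (need, msg) in inbound:
            consumed.add((need, msg))
        pool, sign = EFFECT[kind]
        totals[pool][asset] += sign * amount
    # Wrapped tokens are claims on locked originals: wrapped must not exceed locked.
    assets = set(totals["locked"]) | set(totals["wrapped"])
    shortfall = {a: totals["wrapped"][a] - totals["locked"][a] for a in assets
                 if totals["wrapped"][a] > totals["locked"][a]}
    return alerts, shortfall

if __name__ == "__main__":
    print(reconcile(SAMPLE_EVENTS))
```

A non-empty shortfall means outstanding claims exceed what the bridge actually holds, which is the condition a monitor would page on.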

Nomad asserted that it is joining forces with blockchain analysis company TRM Labs (7) and law enforcement to trace the stolen funds and identify the attackers. The company also implied a relationship with Anchorage Digital, a U.S.-licensed (8) company that specializes in the safekeeping of cryptocurrency and other digital assets, where any money received in response to Nomad's offer will be kept.

After losing almost $200 million to a major security flaw, Nomad claims to have offered attackers a bounty of roughly 10% in exchange for returning the funds. They have so far managed to recover about $20 million of the stolen money.

The reward Nomad offers applies to those who have already returned the money and to those who do so in the future. Nomad also states that it will not pursue legal action against anyone who returns 90% of the assets they took, and that it will regard those users as "white hat" hackers (9), similar to the ethical hackers in the cybersecurity industry who work with enterprises to inform them of software flaws.

Solana Attack:

Approximately 8,000 digital wallets were emptied of $5.2 million worth of digital assets, including USD Coin USDC (10) and Solana's SOL token. Solana's Twitter account confirmed that 7,767 wallets were impacted by the attack.

After Bitcoin (11) and Ether, Solana's SOL is one of the largest cryptocurrency tokens, but it dropped by around 8% in the first two hours of the hacker attack. It is currently down by about 1%, but the trading volume increased by 105% on the previous day.

Numerous users began reporting that funds were disappearing from internet-connected "hot" wallets, including Slope, Phantom, and Trust Wallet (12). The blockchain auditing company OtterSec (13) asserted that this assault had impacted numerous wallets on other platforms, while Phantom confirmed that it is looking into the incident in the Solana ecosystem.

Although the underlying source of this breach has not yet been identified, it appears to have been caused by a bug in some wallet software rather than in the Solana blockchain. The transactions were signed and verified as coming from the real owners, which suggests that private keys had been hijacked; a private key is a secure code that gives the owner access to their cryptocurrency holdings.

Engineers from other ecosystems are working with security firms to investigate the emptied Solana wallets and determine how the attack was carried out. The Solana network is largely recommending that its users use hardware wallets, but currently there is no information showing how many have been affected.

Users should also generate a replacement seed phrase rather than reuse the previous one in their hardware wallet. A drained wallet should be considered breached and abandoned. Seed phrases are arbitrary words generated by a cryptocurrency wallet that provide access to the wallet.

Four addresses are currently connected to the hack, which supports the hypothesis that a single party is behind it. This is in stark contrast to the earlier decentralized heist on Nomad, which took place before the Solana attack and involved 120 different hackers.
