$190 Million Heist Illustrates Unique Crypto Security Risks

The theft of an estimated $190 million in cryptocurrency this week from a blockchain bridge, Nomad, is just the latest in a string of similar heists targeting the crypto sector. Crypto investors are encouraged to remain wary of this and similar threats to their crypto assets as they make investment decisions.

Increasingly, crypto thieves are setting their sights on blockchain “bridges,” which facilitate the transfer of cryptocurrencies between separate blockchains. [1] Once a blockchain bridge is breached, hackers and thieves have the ability to steal massive sums of crypto tokens from their rightful owners.

Blockchain bridges have been built to solve one of the crypto sector’s critical flaws – a lack of interoperability between different cryptocurrencies. Bridges allow crypto users to transfer their assets from one cryptocurrency to another without the need to engage in the transaction-heavy process of selling off their initial tokens to purchase new tokens of a different cryptocurrency. [1]

By way of example, a blockchain bridge would allow an owner of Bitcoin tokens to transfer the value of their tokens onto the Ethereum network, resulting in ownership of an equivalent amount of Ethereum tokens. Several types of blockchain bridges exist, depending on the specific mechanisms, functions, and levels of centralization. [2]

Experts cite the unique liquidity of the assets held by blockchain bridges as one reason for their unique susceptibility to bad actors, including hackers and thieves. [3] Blockchain bridges often maintain large reserves of coins, because the funds being transferred are often locked in smart contracts held by the bridge company. [3], [4] Furthermore, because blockchain bridges facilitate transfers between cryptocurrencies, they may be vulnerable to security weaknesses within each cryptocurrency, thus multiplying potential security risks. [3]

The Nomad breach in early August 2022 brings the total amount of money stolen from blockchain bridges to date to nearly $1.83 billion. [4] Alarmingly, the vast majority of that sum – $1.21 billion – has been stolen in 2022 alone. [4]

Nomad, like many other players in the tech and crypto industry, is approaching last week’s theft with an interesting strategy for recouping its lost assets – a bounty program. While the company has enlisted the help of law enforcement agencies and blockchain analysis firms to locate the thieves involved in the heist, it is also looking to the thieves themselves for help. [4]

Nomad is thus engaging directly with its hackers, stating that so long as 90% of the funds that any hacker has stolen are returned to the firm, the hacker may keep the remaining 10% for themselves. [5] Furthermore, Nomad has agreed to treat any hackers who return this quantity of stolen funds as “white hats,” against whom no legal action will be pursued. [5] As of August 7, 2022, the landing page on Nomad’s website displays the text “Attention: White Hat Hacker Friends – Please return ETH or ERC tokens to this wallet address” along with a link to “learn more about our bounty program.” [6]

While Nomad attempts to recover its losses, this heist is yet another illustration of the inherent risks associated with the still-developing crypto landscape. Contact an attorney at Savage Villoch Law with questions or concerns related to cryptocurrency investments or other fraudulent schemes like this one.

Sources:

[1] https://www.reuters.com/technology/us-crypto-firm-nomad-hit-by-190-million-theft-2022-08-02/

[2] https://academy.binance.com/en/articles/what-s-a-blockchain-bridge

[3] https://www.washingtonpost.com/business/2022/08/05/nomad-crypto-bounty/

[4] https://www.cnn.com/2022/08/03/tech/crypto-bridge-hack-nomad/index.html

[5] https://twitter.com/nomadxyz_/status/1555293965049630722

[6] https://app.nomad.xyz/