This latest attack means more than $1 billion has been stolen through bridge exploits so far this year, with Ronin Network and Horizon targeted in recent months.
The crypto industry is reeling after a spate of fresh attacks — with the Nomad Bridge being hacked for a whopping $190 million.
It's an attack that's been described as a "free for all," with funds gradually drained in small increments over several hours.
Bridges have become a popular target for attacks in recent months, and they're used to transfer tokens from one blockchain to another.
Paradigm researcher @samczsun described the Nomad incident as "one of the most chaotic hacks that Web3 has ever seen."
Meanwhile, the blockchain intelligence firm Elliptic said:
"Over 40 attackers utilized a code error that allowed them to spoof transactions — draining Nomad’s Ethereum contract of most of its funds."
Elliptic's researchers claim a recent change in Nomad's smart contract enabled users to "spoof" transactions and falsely claim ownership of collateral within the bridge.
By its count, USD Coin worth $84 million was stolen — alongside $37.2 million in Wrapped Ether, $12.5 million in Wrapped Bitcoin and altcoins worth millions of dollars.
As panic about the attack spread, many Nomad users quickly withdrew their funds in an attempt to protect themselves.
Worse still, opportunists are now impersonating as Nomad in an attempt to get white hat hackers to return stolen crypto to an unofficial address.
The embattled bridge says that it is now working around the clock with multiple blockchain intelligence firms, as well as law enforcement agencies.
Bridges Under the Spotlight
This latest attack means more than $1 billion has been stolen through bridge exploits so far this year — a record-breaking $625 million was stolen when the Ronin Network was attacked back in March, while $100 million was swiped from Horizon Bridge in June.
Both of those incidents were linked to North Korean hackers, who are tasked with stealing cryptocurrency to enable the isolated state to sidestep economic sanctions and fund its nuclear weapons program. Elliptic added:
"Bridges have long been known to be attractive for cyberhackers. They typically hold large liquidity, as users wishing to convert funds across blockchains typically lock their assets within their contracts. They also operate on blockchains that are relatively less secure. The Nomad exploit is likely to raise questions around the security of bridges once again."