FAIL: Nomad DeFi Bridge ‘Loses’ $190M of Worthless Tokens

Please fol­low and like us:
Pin Share

Cryp­tocur­ren­cy start­up Nomad allowed thieves to steal all its fake mon­ey. It’s the lat­est dan­ger­ous DeFi API vul­ner­a­bil­i­ty in a long line of such failures.

Nomad claimed its “opti­mistic bridg­ing” API would “would keep users’ funds safe.” That sounds like an opti­mistic promise—it cer­tain­ly hasn’t aged well.

DevOps Connect:DevSecOps @ RSAC 2022

Stu­pid exploit or cyn­i­cal rug pull? In today’s SB Blog­watch, we take a clos­er look.

Your hum­ble blog­watch­er curat­ed these blog­gy bits for your enter­tain­ment. Not to men­tion: Tech­ni­cal inter­view sur­vival guide.

I’ve Got a Bridge to Sell You

What’s the cra­ic? Eliz­a­beth How­croft reports—“Cryp­to firm Nomad hit by $190 mil­lion theft”:

Nomad described itself as a ‘secu­ri­ty-first’ busi­ness
Cryp­to ana­lyt­ics firm Peck­Shield [said] $190 mil­lion worth of users’ cryp­tocur­ren­cies were stolen, includ­ing ether and the sta­ble­coin USDC. Oth­er blockchain researchers put the fig­ure at over $150 mil­lion. [It’s] the lat­est such heist to hit the dig­i­tal asset sec­tor this year.

[It] tar­get­ed Nomad’s “bridge” – a tool which allows users to trans­fer tokens between blockchains. … Blockchain bridges have increas­ing­ly become the tar­get of thefts, which have long plagued the cryp­to sec­tor. Over $1 bil­lion has been stolen from bridges so far in 2022, accord­ing to … Ellip­tic.

San Fran­cis­co-based Nomad … which last week raised $22 mil­lion from investors … makes soft­ware that con­nects dif­fer­ent blockchains – the dig­i­tal ledgers that under­pin most cryp­tocur­ren­cies. … Nomad described itself as a “secu­ri­ty-first” busi­ness which would keep users’ funds safe.

That’s hilar­i­ous. Sam Kessler and Brandy Betz mourn the loss—“Calls the secu­ri­ty of cross-chain token bridges into ques­tion once again”:

Bridge attacks have become more fre­quent
Attack­ers [drained] the pro­to­col of vir­tu­al­ly all of its funds. … Monday’s attack is the lat­est in a string of high­ly-pub­li­cized inci­dents.

The Nomad team acknowl­edged the exploit: … ”An inves­ti­ga­tion is ongo­ing and lead­ing firms for blockchain intel­li­gence and foren­sics have been retained. We have noti­fied law enforce­ment and are work­ing around the clock … to iden­ti­fy the accounts involved and to trace and recov­er the funds.”

Bridge attacks have become more fre­quent in recent months. [They] can be dev­as­tat­ing for small­er chains that rely on them for a large amount of their total liquidity.

What went wrong? @Zellic_io has the tl;dr:

Bug­fix intro­duced a regres­sion, that com­bined with a curi­ous­ly ini­tial­ized stor­age slot, led to a severe vuln. Attack­ers copy­cat­ted each oth­er, mess­i­ly drain­ing the bridge over an hour.

Audit drift is a major prob­lem in Web3 secu­ri­ty. … Audits are often only a point-in-time snap­shot of the code. New code is often not audit­ed. New code must be rig­or­ous­ly test­ed or audit­ed, as it can intro­duce new bugs, like in this case.

For mis­sion-crit­i­cal and high-assur­ance code, sim­ple unit test suites are insuf­fi­cient. Inte­gra­tion tests, on a main­net fork must be done. Neg­a­tive tests are nec­es­sary as well: A sim­ple neg­a­tive test for pro­cess­ing invalid mes­sages would like­ly have caught this mistake!

Do we need reg­u­la­tion? Test0129 is sure we do:

This is pathet­ic
There is a rea­son tech­nol­o­gy that requires high lev­els of sta­bil­i­ty is mired in lay­ers of approval, review, reg­u­la­tion, etc. It doesn’t change much if at all once it works, because the prob­a­bil­i­ty of intro­duc­ing a fail­ure mode is so high with software.

There’s a point where this lev­el of of neg­li­gence should rise to crim­i­nal lia­bil­i­ty, no dif­fer­ent than if some­one wrote code for a new Boe­ing that was so bad it moves beyond incom­pe­tence. We are at this point.

Cryp­to com­pa­nies … should be required to car­ry insur­ance and pass strin­gent secu­ri­ty audits no dif­fer­ent than oth­er high val­ue sys­tems. This is pathet­ic, and it’s not the first time, sec­ond time, or third time it happens.

We can’t even agree how much was stolen. $40 mil­lion here, $40 mil­lion there, pret­ty soon you’re talk­ing seri­ous money—right, quall?

You know cryp­to is an unsta­ble pile of noth­ing when [one] firm says every­thing was worth $190m, but anoth­er only eval­u­ates it all at $150m. We’re talk­ing a … 21% difference.

Wan­na dive deep­er? Your dive bud­dy is @samczsun:

While the Moon­beam trans­ac­tion did bridge out 0.01 WBTC, some­how the Ethereum trans­ac­tion bridged in 100 WBTC. [And it] didn’t actu­al­ly prove any­thing. It sim­ply called process direct­ly. Suf­fice to say, being able to process a mes­sage with­out prov­ing it first is extreme­ly Not Good.

A quick look sug­gests that the mes­sage sub­mit­ted must belong to an accept­able root [and] the root of a mes­sage which had not been proven would be 0x00. … It turns out that dur­ing a rou­tine upgrade, the Nomad team ini­tial­ized the trust­ed root to be 0x00. [This] had a tiny side effect of auto-prov­ing every mes­sage.

This is why the hack was so chaot­ic. … All you had to do was find a trans­ac­tion that worked, find/replace the oth­er person’s address with yours, and then re-broad­cast it.

ELI5? hyper­tele-Xii explains like you’re five:

Their “smart” con­tract was acci­den­tal­ly pro­grammed to accept a proof-less mes­sage as full root access:
if (autho­riza­tion == 0)
then accept_transaction(withdraw $150mil)

And this won’t be the last time. So says this Anony­mous Cow­ard:

The fun­ny and sad thing is there’s more fools will­ing to put mon­ey into cryp­to and get scammed by Ponzi-crypto-scammers.

Mean­while, rapsey freestyles:

Well done and con­grats to the hack­ers. One step clos­er to rid­ding the world of web3 nonsense.

And Finally:

Get a bet­ter job

TW: Hostage sit­u­a­tion, firearms, Arby’s, Nickelback

Pre­vi­ous­ly in And Final­ly


You have been read­ing SB Blog­watch by Richi Jen­nings. Richi curates the best blog­gy bits, finest forums, and weird­est web­sites … so you don’t have to. Hate mail may be direct­ed to @RiCHi or [email pro­tect­ed]. Ask your doc­tor before read­ing. Your mileage may vary. E&OE. 30.

Image sauce: Mah­di Bafande (via Unsplash; lev­eled and cropped)



Source link

Please fol­low and like us:
Pin Share

Leave a Reply

Your email address will not be published. Required fields are marked *