$190M Nomad Bridge Hack & its Contagion Effects | Solana Wallets Hacked | LI.FI x EPNS | $200K Payout for Whitehat & More!
Last Week In The Multi-Chain Ecosystem (1st to 7th Aug 2022)
Welcome to LI.FI’s Cross Chain Insider newsletter. If you want to join this community of cross-chain aficionados learning about bridges, interoperability, and the multi-chain ecosystem, subscribe below:
You can also check out LI.FI’s research articles, and follow us on Twitter!
Bridge Updates
Nomad Bridge was hacked for $190M on Aug 2, becoming the 5th largest exploit in the history of DeFi. The exploit occurred because of an implementation error during a routine upgrade where the Nomad team marked the zero hash as a valid root. This allowed hackers to spoof messages on Nomad and drain all the funds ( Read more here.) Some of the funds were recovered by whitehat hackers and have been returned to the Nomad team — $32M+ from 86 wallets.
2) cBridge Now Supports Klatyn 🤝🏻
Celer’s cBridge has added support for Klatyn blockchain. Users can now bridge USDT, USDC, WETH, WBTC, and DAI between Ethereum and Klatyn via cBridge.
3) Ren Integrates Kava 👏🏻
Ren now supports direct bridging to and from Kava for every asset that Ren supports, such as $BTC, $ETH and $USDC!
4) Two Critical Bugs Reported in Interlay BTC Bridge 👨🏻💻
@PwningEth, a whitehat hacker, reported 2 critical bugs in Interlay’s BTC Bridge through Immunefi. All issues have been fixed and no funds were lost. The whitehat hacker received a $200k payout for his work.
5) LI.FI Channel on EPNS — Get Mobile Notifications for Bridging with LI.FI 🔔
LI.FI has partnered with EPNS to establish better communication with its users. The official LI.FI channel is now live on EPNS and LI.FI users can now start receiving notifications on the status of their transactions on transferto.xyz.
To get notifications, 1) go to http://app.epns.io, 2) Search for the LI.FI channel, and 3) click on “opt-in”.
Multi-Chain Ecosystem Updates
A vulnerability in Solana’s wallets resulted in a mass private keys exploit that affected over 8000 wallets, causing $5M losses in user funds. The exploit saw native tokens like SOL and SPL tokens like USDC drained from Solana hot wallets such as Phantom and Slope. After investigation, the devs revealed that hacked addresses “were at one point created, imported, or used in Slope mobile wallet applications”.
2) Proposal to Freeze Aave V3 on Fantom 🧐
Aave co-founder, Stani Kulechov, has created a proposal to freeze the Fantom Aave V3 market, citing risks involved with bridges and the market’s inability to generate sufficient revenue for the AaveDAO.
3) Magic Ethen — Magic Eden’s Ethereum Expansion 🔥
Magic Eden, the premier NFT marketplace on Solana, has announced that it will add and integrate Ethereum NFTs onto the platform.
4) Coinbase Prime Offers ETH Staking 🚀
Coinbase Prime, an integrated solution for sophisticated investors and institutions, now offers ETH staking service to institutions in the US. Clients can now generate yield by staking ETH using the firm’s cold storage vaults.
5) Chainlink is Now Live on Metis 🤝🏻
Metis has integrated Chainlink Price Feeds. The team expects Chainlink's integration to be one of the building blocks for expanding its ecosystem.
6) Brave Integrates Aurora 👏🏻
Brave browser has integrated Aurora into its wallet. Aurora is now a preloaded chain for Brave Wallet users.
What’s Popping on Twitter?
On Aug 2, we witnessed another bridge hack with $190M drained from Nomad within a few hours. Bridges now account for 4 out of the top 5 biggest hacks in the history of DeFi.
Any hack in DeFi is bad. However, it can be argued that bridge hacks are even worse because of the contagion effects. Let’s examine why these contagion effects exist and how the Nomad hack impacted Evmos, Milkomeda, and Moonbeam ecosystem.
Why do bridge hacks have contagion effects?
Bridges help blockchains establish connectivity with other ecosystems and enable porting over wrapped versions of blue-chip assets. To maintain uniformity and avoid having 10 different wrapped versions of a token, ecosystems typically partner with a single bridge provider for minting assets on their chain. For example, Evmos chose Nomad as its go-to canonical bridge provider, which meant Nomad mints wrapped versions of non-native assets like USDC on Evmos.
This helps an ecosystem bootstrap liquidity but also creates a counterparty risk on the bridge. And when bridges get hacked, this counterparty risk is exposed.
Bridged assets are simply representations of the original asset on the source chain. They have value only because they are backed by the original asset. When a bridge gets hacked, the bridged assets become value-less as they are no longer backed by the original assets. As a result, there are widespread contagion effects.
Contagion Effects of Nomad’s Hack
Nomad’s case was no different. It had contagion effects that spread to several ecosystems.
Moonbeam, Milkomeda, and Evmos rely on Nomad as their go-to canonical bridge. Because of the hack, massive amounts of funds were bridged away from these chains.
Closing Thoughts
Bridges have become a critical piece of blockchain infrastructure. It’s time we reflect on all the bridge hacks and build secure bridges theoretically (fundamentals) and practically (implementation).
Interesting Reads
1) The Future of Bridging Might Still be Optimistic
2) Debridge Attempted Cyberattack
3) Complete Guide to Rollups
4) On crypto bridges — The dilemma of on-chain middlemen.
5) Vulnerabilities in Cross-chain Bridge Protocols
Get Started with LI.FI Today
To learn more about us,
Head to our link portal at links.li.fi
Read our SDK ‘quick start’ at docs.li.fi
Join the official Discord server
Follow our Telegram Newsletter
or try our any-2-any swaps NOW at transferto.xyz