The Base Of Cryptocurrency
Cryptocurrencies generally work off a blockchain which records its movements. This has both pros and cons, but the biggest pro and con is that there’s no centralized agency that monitors the coins. They monitor themselves instead! Given the base coin technology was made correctly, you can kind of just set it and forget it, and transactions using secure, well-made cryptocurrencies will work out as they should so long as both parties are being honest and not trying to scam each other. That’s not always the case, but in a perfect world, the flaws belong to the people and not to the tech. You can’t hack a Bitcoin, for example, it has to be deliberately sent. Almost all Bitcoin scams involving theft are social engineering attacks for this reason – if a scammer can get into a Bitcoin wallet, either by brute forcing the password or tricking the owner into giving it to them, they can still steal the coin by sending it elsewhere, and it can’t be called back.
However, this really applies best to Bitcoin and older cryptocurrencies that have had a minute to mature and improve the tech. New tech using blockchain are riddled with flaws. Take NFTs, for example – on some of the platforms hosting them, a security flaw allowed ‘smart contracts’ to be planted in someone’s wallet, which would then move the real NFTs out of the wallet once the owner clicked them. NFT chains can’t show if something was paid for, they only show if it was moved, and so those NFTs would be sold along as though they’d never been stolen because nobody would be able to tell. It’s sort of ridiculous.
The coins are impenetrable – everything else is not.
The Nomad Bridge Hack
Bridges, in cryptocurrency speak, are like currency exchanges. They allow people with one type to spend it like another by depositing the crypto they have to be used as collateral for the one they want. Blockchain technology is difficult to break when it’s one continuous piece, but when it’s not, it’s just like any other kind of banking technology. Meaning it also needs layers and layers of security so a failure on one layer doesn’t mean total system failure.
The problem is that typical banks have had a ton of time to work out security, but crypto is new, and it always wants to build itself something special, just for crypto, because that makes it more special than all the other modes people have used for payment. As a result, they’re rediscovering issues that banks have already worked out, like the exploit that drained Nomad of all of its money. Or the different exploit that drained Wormhole. Or the other different exploit that drained the Ronin bridge.
In Nomad’s case, a bad update allowed any tokens with the default value for transactions to go through as though they were valid. Once one person figured it out, others began copy-pasting his transaction info and substituting the destination address for their own. This allowed them to transfer currency to their own wallet without having to put up any collateral, like they normally would. A handful of people tried to altruistically take money so it’d be safe in a wallet and they could give it back later, but the vast majority was snatched before the platform could react.
Currently, Nomad is attempting to trace the coins and get them back, but this is the major disadvantage of cryptocurrency – they can’t just reverse the transaction, and the coins don’t record whether a movement was legal or not. There’s also no central body to make the thieves give the coins back, because the currency was made specifically so it wouldn’t need that. It’s unclear if Nomad is actually going to be able to get those coins back. Right now, 9 million dollars’ worth of the stolen coins have been returned (probably due to the 10% bounty that Nomad set trying to encourage people to give the money back) but the rest is still up in the air.
Sources: https://blockworks.co/nomad-token-bridge-raided-for-190m-in-frenzied-free-for-all/