Nomad, Solana, and ZB exchange: Crypto world saw three distinct ways of hacking in a week

08-08-2022 Pankaj Gupta
Nomad, Solana, and ZB exchange: Crypto world saw three distinct ways of hacking in a week

While the discussions focus on how

blockchain technology and cryptocurrencies can transform many industries. 

The cryptocurrency community is witnessing several hackers steal millions from blockchains, exchanges, and bridges.

From the 2014 MT GOX hack to the recent Nomad Bridge attack, hackers are advancing along with the growth of blockchain technology and the cryptocurrency industry. Several million-dollar attacks have occurred, and hackers are becoming more ambitious and dangerous.

In the past few days, Attacks have escalated, as well as the amount of funds stolen has increased too. Many individuals are in a panic as they have lost their savings, The attacks on the Solana wallets, Nomad bridge, and ZB exchange brought another riskier prospect of cryptocurrencies. There are many doubts surrounding the security of cryptocurrencies: how can these bridges be easy targets for hackers? how hackers can easily access other crypto wallets?

Let's get into the detail of these three different types of attacks and how hackers make millions through them.

Bridge attacks

Blockchain bridges are applications that allow people to transfer digital assets between blockchains. Since cryptocurrencies are often isolated and unable to communicate with one another (for example, you cannot make a transaction on the Bitcoin blockchain using Dogecoins), "bridges" have emerged as an essential mechanism, if not a vital missing link, in the cryptocurrency economy.

The bridge "locks" your cash on one side and dispenses the equal amount in so-called "wrapped" tokens on the other. To change one form of cryptocurrency into another, bridge services "wrap" the money. As a result, if you visit a bridge to use a different currency, such as Bitcoin (BTC), the bridge will dispense wrapped bitcoins (WBTC). It represents stored value in a flexible alternate format, similar to a gift card or a cheque.  Bridges require a reserve of cryptocurrency currencies to back all of those wrapped coins, and hackers frequently target this reserve.

Additionally, if a bridge becomes popular over time, it can have a lot of money (imagine hundreds of millions of dollars) tied up in its smart contracts. If those smart contracts contain security flaws, some or all of that money can be stolen. As former Ethereum co-founder Vitalik Buterin has pointed out, another issue with crypto bridges is that they are by design vulnerable to attacks on two sides.

Nomad attack

On July 29, Nomad, a bridge protocol for moving cryptocurrencies across multiple blockchains, lost about $200 million due to a security flaw.

In the case of Nomad, it appears that a fault in its smart contract allowed someone to set up a cryptocurrency transaction such that they sent a few amounts of crypto on one side, but received a larger amount on the other, as multiple experts stated on Twitter. For example, you could transfer 0.1 Crypto on one side and receive 100 Crypto on the other.

Things start to become intriguing at this point. Usually, when a security flaw like this is discovered, a skilled hacker or a small group can quickly drain out all the money. However, in the case of Nomad, once someone successfully stole some cash from the Nomad bridge, other people joined in and also grabbed some money.

This is not the only bridge that has been compromised this year. The Ronin Bridge, which was used by the developers of the play-to-earn game Axie Infinity, was hacked earlier this year for approximately $625 million. The Harmony Bridge was also hacked for $100 million.

Wallet Hacks

Wallets are the backbone of the cryptocurrency industry; no matter who it is, retailers, institutions, and whales all have to use wallets to protect their assets. 

A token, or a long string of encrypted numbers, is linked to ownership of a cryptocurrency on a blockchain. Each token has a private key given to it, which is kept by the owner or a custodian that the owner has designated. The token and number could be cracked, but because of the encryption techniques, it would require a lot of tries to succeed.

As a result, the private keys and the method they are kept are a cryptocurrency and blockchain's weakness. In the world of cryptocurrencies. If you can't control what happens to your cryptocurrencies if you don't have control over the keys. A custodial connection between a key owner and key holder, also known as key storage, provides the other party control over your cryptocurrency.

A custodial connection between a key owner and key holder, also known as key storage, provides the other party power over your crypto. Since private keys are kept in wallets, this is where the majority of hacks and thefts take place. Wallets, which are computer and mobile software programs, are where all private keys are kept. They can also be written down on paper or kept on things like USB flash drives.

Wallets either have electronic and software versions and are online (hot) or offline (cold). The majority of cryptocurrency exchanges provide their users with hot and cold storage options; these options are custodial since they retain your keys on your behalf.

But, both hardware and applications (software) can be compromised. Private keys are kept in application and device wallets, where they are accessible by hackers who may then take your cryptocurrency.

Related-"How to prevent hackers from intruding on your crypto wallet"!

Solana attack

An ongoing, widespread hack has resulted in up to $8 million in funds being drained from several Solana-based hot wallets.

In the case of Solana, earlier reports of the day's attack stated that users of Slope and Phantom hot wallets were targeted, leading many to believe there was a broader issue with the Solana protocol; however, a further analysis shared by Solana's head of communications Austin Fedora revealed that the problem was limited to hot wallets.

Some allegations claim that Slope's centralized servers may have recorded user seed phrases. A hacker could have been able to conduct transactions if the servers were attacked and the seed phrases were exposed. Users were advised to quickly regenerate a seed phrase from a service other than Slope.

The fact that Slope physical wallets were unaffected, though, confirmed the widely held notion that cold wallets are more secure than hot wallets. The main issue arose when Users' private key information allegedly was saved by Slope in plain text.

Exchange hacks

Cryptocurrencies often provide a certain level of security.  However, the exchanges that oversee them, particularly new ones starting their companies from scratch, sometimes begin with a small workforce, which implies there are few or no full-time cybersecurity specialists. As they scramble to make the code function, their engineers may unintentionally include bugs that offer hackers a foothold. Exchanges are a particularly prime target for criminal hackers because of these factors.

Exchanges frequently maintain offline, secure access to a portion of their cryptocurrency holdings in so-called "cold wallets." The remaining amount is in "hot wallets," which may be distributed to users and are liquid. This indicates that if a hacker can access a specific employee account, there has been a common internet security breach.

No matter what amount of security a custodial key holder claims to have or what they promote, they are a weak point. Cryptocurrency reserves and many of its clients' private keys are typically kept by exchanges. Therefore, they are a desirable target for hackers.

ZB exchange Hack

Now, a probable hack has taken about $5 million from the hot wallet of digital asset exchange ZB.com. According to a blockchain investigator firm, approximately $4.8 million in cryptocurrency was transferred from ZB.com after the exchange announced the suspension of withdrawals.

The blockchain investigator firm speculated that hackers were responsible for transferring 21 different types of tokens from the exchange starting on Monday, including Tether (USDT), Shiba Inu (SHIB), and Tesra (TSR). At the time of writing, the funds had an estimated value of $4.8 million, according to the blockchain investigator.

Final Words

It's quite horrifying to witness so many attacks in such different forms over such a short time. There are several issues with cryptocurrencies and Blockchain technology, stunning the whole cryptocurrency community.

While other problems, like the security of bridges, are technological in nature and will take more time and development to fix. However, the hot wallet breaches and the disclosure of private keys seem to be illogical.

As more retail investors spend their money in the nascent but rapidly developing sector, crypto wallet security is rising to the top of the priority list. It is advisable to use all common wallet safety methods while dealing with cryptocurrency since hacker techniques change. 


WHAT'S YOUR OPINION?
Related News
Related Blogs