Crypto Choj Nomad Exploited rau $ 190M hauv 'Frenzied Free-for-All'

Hauv ib qho ntawm feem ntau hacks txij li Axie Infinity's Ronin Choj Sidechain Thaum Lub Peb Hlis, kev siv nyiaj ntawm Nomad token choj tau tso cai rau cov neeg tawm tsam nyiag tus choj ntawm kwv yees li $ 190 lab.

Lub tuam txhab ruaj ntseg PeckShield hais Decrypt hais tias cov nyiaj nyiag los tau denominated nyob rau hauv Ethereum, USDC, DAI, FXS, thiab CQT.

"Peb paub txog qhov xwm txheej cuam tshuam nrog tus choj Nomad token. Tam sim no peb tab tom tshawb nrhiav thiab yuav muab cov xov xwm tshiab thaum peb muaj lawv, "Nomad tweeted Hnub Monday tav su.

Tus choj Nomad yog tus txheej txheem tso cai rau cov neeg siv txav cov cuab tam digital ntawm cov blockchains sib txawv, suav nrog avalanche (AVAX), Ethereum (ETH), Evmos (EVMOS), Milkomeda C1, thiab Moonbeam (GLMR).

Txawm hais tias cov ntsiab lus los ntawm Nomad tsis tshua muaj, qee qhov tau taw qhia rau qhov kev teeb tsa yuam kev hauv a ntse ntawv cog lus uas Nomad siv los ua cov lus raws li qhov ua rau, tso cai rau ntau lab tus neeg raug tshem tawm los ntawm Nomad lub pas dej ua kua dej. 

"Nws tag nrho pib thaum @officer_cia qhia @spreekaway's tweet hauv ETHSecurity Telegram channel," Sam Sun, tus kws tshawb fawb ntawm crypto peev tuam txhab Paradigm, tweeted. "Txawm hais tias kuv tsis paub tias yuav muaj dab tsi tshwm sim thaum lub sijhawm, tsuas yog qhov ntim ntawm cov khoom muaj nqis tawm hauv tus choj tau qhia meej tias qhov tsis zoo."

"Nws hloov tawm tias thaum lub sijhawm hloov kho ib txwm muaj," Sun txuas ntxiv. "Cov pab pawg Nomad pib lub hauv paus ntseeg siab ua 0x00. Kom meej meej, siv xoom qhov tseem ceeb raws li qhov pib qhov tseem ceeb yog ib qho kev coj ua. Hmoov tsis zoo, hauv qhov no nws muaj qhov cuam tshuam me me ntawm nws pib ua pov thawj txhua cov lus. "

Nomad choj nres 'frenzied dawb-rau-tag nrho'

Hnub piv rau qhov tshwm sim ib sab ntawm "frenzied free-for-all" vim hais tias nws siv cov kev paub me me los txhawb kev siv. 

Sun tau sau tias "Koj tsis tas yuav paub txog Solidity lossis Merkle Trees lossis lwm yam zoo li ntawd," Sun sau. "Txhua yam koj yuav tsum tau ua yog nrhiav kev lag luam uas ua haujlwm, nrhiav / hloov lwm tus neeg qhov chaw nyob nrog koj li, thiab tom qab ntawd rov tshaj tawm nws."  

Ib yam li ntawd, blockchain kev ruaj ntseg ruaj khov Ntawv pov thawj tau qhia hais tias Cov neeg tawm tsam tuaj yeem siv cov kab laum los ntawm kev luam thiab pasting kev lag luam. Lub tuam txhab tau hais ntxiv tias tib neeg tuaj yeem siv qhov kev hloov kho tshiab "los ntawm kev theej tus thawj hacker qhov kev sib pauv hu xov tooj thiab hloov qhov chaw nyob qub nrog tus kheej."

Nyob rau hauv no txoj kev, tus choj twb drained ntawm yuav luag tag nrho cov ntawm nws cov nyiaj.

"Nomad tus choj tau muaj nyob rau hauv ib yam zoo li Qubit's QBridge," tweeted a16z kev ruaj ntseg engineer Matt Gleason. "Ib qho kev teeb tsa tsis ruaj khov ntawm tus choj ua rau muaj txoj hauv kev tshwj xeeb kom tso cai rau kev xa mus. Qhov yuam kev yog nyob rau hauv Replica's 'process' muaj nuj nqi. "

"Lub kaw lus yuav lees txais cov lus uas nws tsis tau pom dua ua ntej thiab ua nws zoo li nws yog qhov tseeb, txhais tau tias txhua yam koj yuav tsum tau ua yog thov rau tag nrho tus choj nyiaj thiab koj yuav tau txais nws," nws hais ntxiv.

Raws li FTC, cyberattacks tawm tsam crypto tej yaam num tshwm sim los qhia tias tsis muaj lub cim ntawm kev qeeb, nrog ntau dua $ 1 nphom hauv crypto nyiag txij li xyoo 2021.