RugZombie is dedicated to providing the victims of scams, rug pulls, and hacks a way to cope through the ability to earn NFTs. Check out our staking pools called Graves to find over 40 opportunities to make use of those dead tokens and earn exclusive NFTs along the way. With the two recent hacks that took place with the Nomad Bridge and on Solana, we wanted to break these events down and give some insight on how to avoid situations like these in the future.
Nomad Bridge Hack
Nomad is a cross-chain bridge that allows users to move crypto assets between
blockchains. Nomad uses an optimistic verification mechanism, which works by assuming each transaction submission on the origin chain is valid.
However, these transactions enter a timeout period before being verified on the destination chain, during which “Watchers” inspect the transactions, canceling any they find to be fraudulent.
Unfortunately, the optimistic verification mechanism allowed for a hack to take place after the team made a small upgrade to the bridge. The upgrade set the zero hash (0x00) as a valid root, which allowed transactions to be spoofed without needing verification. Therefore, all someone needed to do to exploit the bridge was copy a transaction that worked and replace the given address with their own.
News spread fast and users rushed in to take advantage of the exploit, leading to the loss of over $150 million in only a few hours. Bridges have proven to be particularly risky, as seen with the Ronin and Wormhole bridge hacks. People such as Vitalik have expressed their concerns on the fundamental security limitations that bridges face. While bridge security could improve in the future, for now, it is best to try to avoid using bridges whenever possible.
Solana’s Slope Wallet Hack
Only one day after the Nomad Bridge hack, reports started coming out of Solana wallets being drained. In total, almost $6 million worth of funds were stolen from over 9,000 unique wallets. So far, the exact explanation for how this happened is not known, but there have been many speculations. Luckily, the Solana blockchain has not been compromised and assets held in a hard wallet are safe. At first, it was thought to be mobile wallets only (particularly those using the Slope Wallet), but reports of other hot wallets being compromised have come out.
The Solana team (and teams of wallet providers) is working tirelessly to identify and fix the issue, but since this is still unknown, it is best to be safe and transfer any assets held in a Solana hot wallet (such as Phantom or Slope). If you own a hard wallet (Ledger, Trezor), transfer all assets without importing the hot wallet’s seed phrase. If you don’t own a hard wallet (you should), you can either transfer them to a centralized exchange (Coinbase, Binance) or a paper wallet. In general, keeping assets in hot storage is inherently riskier, so only keep assets you are willing to lose in a hot wallet
and transfer the rest to a hard wallet. This will protect you from events like this in the future.
What is the best way to keep my crypto assets safe?
Storing your digital assets in a hard wallet like those provided by Ledger or Trezor is the best way to keep your crypto assets safe.
How did Solana wallets get hacked?
Slope’s mobile app sends off mnemonics via TLS to their centralized Sentry server. These mnemonics are then stored in plaintext, meaning anybody with access to Sentry could access user private keys.
What was the largest crypto hack?
Axie Infinity’s Ronin Bridge was hacked for $614 million in March 2022.