At a glance.
- Nomad cryptocurrency bridge looted.
- BlackCat ransomware gang hits European energy company.
- DSIRF disputes Microsoft's cyber mercenary report.
- Atrocities and disinformation.
- Domestic disinformation in Russia?
Nomad cryptocurrency bridge looted.
Bloomberg reports that Nomad, which provides a bridge over which crypto tokens may be shifted to different blockchains, was hit yesterday by an attack that's caused the loss of nearly $200 million in cryptocurrency. PeckShield, which has been following developments over its Twitter account, is credited with noticing the caper. Researcher samczsun describes how the theft was carried out. "It all started when @officer_cia shared @spreekaway's tweet in the ETHSecurity Telegram channel. Although I had no idea what was going on at the time, just the sheer volume of assets leaving the bridge was clearly a bad sign." Apparently there was a flaw in the platform's blockchain contract that allowed users to withdraw more than they'd deposited. After the initial exploit, around forty other copycat attacks followed.

We heard from Comparitech's Head of Data Research, Rebecca Moody, who ranked this attack as the ninth largest of this kind. "Overnight, Nomad Bridge was drained for over $190 million in the third-biggest crypto heist of 2022 and the ninth-biggest of all time, according to Comparitech's worldwide cryptocurrency heist tracker," she said. "But in a unique twist, the hack on Nomad appeared to be carried out by numerous copy-and-paste actors. Experts suggest that the initial hacker found a fatal flaw in the platform's Replica contract, meaning anyone (including those with zero coding knowledge) could locate a transaction that worked, use their address to replace the user's address, and re-broadcast it. Over the space of a few hours, almost all of the bridge's $190.7 million was drained with just $651.54 left."

It's unclear how much, if any, of the currency lost will be recovered. Moody says, "There are suggestions that white hat hackers removed some of the funds to safeguard them, but it remains to be seen just how much of the $190 million is recoverable."