Male hacker stealing crypto currency concept
image: Adobe Stock

U.S. crypto firm Nomad has been the victim of a digital theft that saw hackers make off with $190 million of cryptocurrencies owned by users of the service. On August 1, Nomad confirmed the theft in a tweet that said: “We are aware of the incident involving the Nomad token bridge. We are currently investigating and will provide updates when we have them.”

Tapping into the current cryptocurrency craze, Nomad develops software that connects different blockchains such as Bitcoin and Ethereum. The goal is to help cryptocurrency investors securely swap their digital assets, or tokens, across the various blockchains without having to use a third party as a go-between. The token bridge referenced in Nomad’s tweet is a tool that helps users transfer their tokens across the disparate blockchains.

Token bridges: Blockchain security targets

Blockchain token bridges have been hit by several thefts in the past, with more than $1 billion stolen from such bridges so far in 2022, Reuters has reported, citing information from blockchain analytics firm Elliptic. In June, U.S. crypto firm Harmony revealed that hackers grabbed around $100 million worth of tokens from its Horizon bridge product. And in March, hackers stole around $615 million worth of cryptocurrency from Ronin Bridge, a tool used to transfer assets in the game Axie Infinity.

These thefts point to the vulnerabilities of blockchain token bridges and the difficulties in trying to secure cryptocurrency transactions.

“While we have had thousands of years to learn how to secure physical assets and money, the practices of securing digital currency, especially cryptocurrency, are still in their infancy,” said Erich Kron, security awareness advocate for security awareness training firm KnowBe4. “Unlike physical assets, attacks against digital goods and money can be done from anywhere in the world, and unlike when a person is arrested for attempting to steal physical goods, attempts to steal digital items are accepted as normal, and rarely is an arrest made.”

On August 2, Nomad posted a follow-up tweet with updates on the incident. The company said that it’s working with leading chain analysis and intelligence firms as well as law enforcement to trace and try to recover the stolen funds. It also said that it’s developing technical fixes and an action plan, presumably to try to prevent future such thefts.

SEE: Password breach: Why pop culture and passwords don’t mix (free PDF) (TechRepublic)

What can victims expect?

For now, Nomad is relying on the good graces of white hat hackers to return some of the stolen currency. The company said that it’s working with custodian bank Anchorage Digital to accept and secure Ethereum and ERC-20 (Ethereum Request for Comments 20) at a specific digital wallet. The home page for Nomad’s website is even displaying a notice calling on “White Hat Hacker Friends” to return ETH or ERC-20 to the wallet address. Otherwise, recovering the stolen funds may be difficult.

“The non-reversible nature of cryptocurrency has made it a favorite for cybercriminals,” Kron said. “Unlike even many digital transactions between banks, which can be reversed, once a cryptocurrency transaction happens, it is permanent. Even more frustrating is the fact that we can see the accounts the currency resides in but can do very little about it unless that account is verified and connected directly to a person.”

How can crypto companies and investors better protect themselves from compromise?

“For individuals or organizations dealing in cryptocurrency, understanding the threats they face is vital,” Kron said. “Since social engineering attacks such as phishing, vishing and smishing are some of the top methods bad actors are using to attack the sector, those dealing with cryptocurrency, especially organizations, should ensure users are continually educated in how these attacks work, and tested often with simulated attacks.”

Subscribe to the Cybersecurity Insider Newsletter

Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays

Subscribe to the Cybersecurity Insider Newsletter

Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays