E9 - Chaos In Crypto | Nomad Bridge Rekt, 9K Solana Wallets Hacked, Nirvana Finance Crushed, & more - 8/4/2022

I, Degen

Aug 4 2022 • 1 hr 2 mins

Full show notes:
https://hackmd.io/@idegen/E9-Nomad-owned-Solana-wallets-hacked-8-4-2022

I, Degen - E9: Chaos In Crypto - Nomad Owned, Solana Wallets Hacked, Nirvana Finance Crushed, & more - 8/4/2022

Listen at: idegen.fm

Contact us: @idegenfm


Intro

Welcome to I, Degen - We track down and explore the most exciting crypto hacks, mysteries, exploits, and anything that feeds our crypto curiosity each week. We dig in, cutting through the misinformation and hype in search of signal from the noise.


Episode Summary

The word of the week is chaos. From the first-of-its-kind decentralized looting mob destroying Nomad to the mysterious draining of more than 8K Solana wallets, it’s been a crazy week. Sadly, there is more.

**Quick word on signal**

I,Degen - Weekly

  1. Reaper Finance - FTM-based, hacked for 1.7MM. Audit, significant code update, no audit, owned.
  2. The SEC is accusing 11 individuals of running the Forsage Ponzi that generated more than 300 million from users on several blockchains (ETH, BNB, Tron) (https://defi-planet.com/2022/08/officials-of-forsage-crypto-accused-of-running-a-300-million-ponzi-scheme/)
  3. Two founders pled guilty to securities fraud from a 2017 ICO called “Dropl” for scamming users out of 1.9 million. The founders were sentenced to 2.5 and 3 years for their crimes. (https://coinfomania.com/two-men-bag-three-years-in-prison-ico-fraud/)
  4. A bill reaches the Senate that would classify Bitcoin and Ethereum as commodities and put their regulation under the CFTC. (https://www.wsj.com/articles/senate-plan-would-put-bitcoin-ether-under-commodity-regulators-watch-11659499261)
  5. Texas-based mining firm Riot Blockchain earned 9.5 MILLION in credits after agreeing to temporarily shut down their mining operation during a recent heat wave and power struggles. (https://www.bloomberg.com/news/articles/2022-08-03/bitcoin-miner-made-millions-by-shutting-rigs-during-texas-heat)
  6. Nirvana Flash Loan Attack - mini deep dive

What is Nirvana? Buddhist state of bliss? Iconic 90’s band? Nope. In this context, it is a Solana-based yield protocol (what even is a ‘yield protocol’?). Also, a stablecoin.

@Huntfrye Nirvana Finance, a Solana-based yield protocol. Nirvana allowed users to earn annual yields on their locked assets by creating and destroying tokens based on user demand as the ANA tokens were bought from and sold to the protocol.

Looks pretty similar to some other algorithmic coins that rebase or change supply daily due to demand

Is this similar to the Beanstalk flash loan attack we talked about on I, Degen a few episodes back?

  • Hacked for 3.5 MM using FlashLoans

What’s a Flash Loan?

The loans enable merchants to obtain unsecured loans from lenders using smart contracts in place of intermediaries. No collateral is required because the contract only considers the transaction complete when the borrower pays the lender. If a borrower fails to repay a flash loan, the smart contract will halt the transaction and repay the lender’s money. – DeFi Planet


I, Degen - Deep Dives


1) Nomad looted for 190MM by a decentralized mob

What is Nomad?
Nomad is a bridge that allows you to move assets from chain to chain, such as Avalanche, Ethereum, Moonbeam, EVMOS, and Milkomeda. “Wow, I haven’t even heard of a couple of those”

What happened?
TLDR; ~190 MM, ~2.5 Hours, Initial TX exploiting the bridge, then a swarm of copycats loot the protocol.

Hunt: why not take it all at once? Good question.
Zak: let’s talk about how the hack worked.

How did it happen?

  1. Bridge stores funds - deposit ETH, receive XYZ on Moonbeam
  2. Merkle tree used to validate cross-chain transactions

After a failed first attempt (costing $350k in gas), the original attacker’s exploit tx, which was copied by those that followed, was able to call the process() function directly, without having first ‘proved’ its validity. – rekt.news

This meant any process() calls could be executed as valid. In fact, a more sophisticated exploiter could have written a contract to drain the whole bridge for themselves.

Initial reports claim the root of the issue was called out in the audit; however, that seems incorrect. Perhaps it was the audit that led the attacker to look at this section of the code. Still, the vulnerability that was exploited appears to have been introduced to the repository on May 23rd and then pushed to the blockchain with an update in June.
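To make the missing check concrete, here is a simplified Python model added to these notes (it is not Nomad's contract code and not from the show). It assumes the publicly reported root cause, a zero root marked as trusted when the contract was initialized; the Replica class, its method names and the sample messages are constructed for illustration.

```python
import hashlib

ZERO = b"\x00" * 32  # what an unset mapping slot reads as
def h(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def branch_root(leaf, proof, index):  # recompute Merkle root from sibling path
    node = leaf
    for sibling in proof:
        node = h(node, sibling) if index % 2 == 0 else h(sibling, node)
        index //= 2
    return node

class Replica:  # hypothetical model of the bridge's receiving contract
    def __init__(self, initial_root, hardened):
        self.confirmed = {initial_root}  # roots treated as trusted
        self.proven = {}                 # message hash -> root it was proven under
        self.processed = set()
        self.hardened = hardened

    def prove(self, message, proof, index):
        root = branch_root(h(message), proof, index)
        if root not in self.confirmed:
            return False
        self.proven[h(message)] = root
        return True

    def process(self, message):
        mh = h(message)
        root = self.proven.get(mh, ZERO)  # never proven -> ZERO
        if self.hardened and root == ZERO:
            return False                  # fix: unproven messages are rejected
        if root not in self.confirmed or mh in self.processed:
            return False
        self.processed.add(mh)
        return True

def demo():  # constructed sample messages, four-leaf tree
    msgs = [b"send 1 to alice", b"send 2 to bob", b"send 3 to carol", b"send 4 to dave"]
    leaf = [h(m) for m in msgs]
    n01, n23 = h(leaf[0], leaf[1]), h(leaf[2], leaf[3])
    out = {}
    for name, hardened in (("vulnerable", False), ("hardened", True)):
        r = Replica(ZERO, hardened)   # ZERO trusted at initialization
        r.confirmed.add(h(n01, n23))  # real root relayed from the home chain
        out[name] = (r.process(b"send 100 to mallory"),      # forged, never proven
                     r.prove(msgs[0], [leaf[1], n23], 0),    # valid proof
                     r.process(msgs[0]), r.process(msgs[0])) # legit, then replay
    return out
```

Each tuple from demo() reads (forged accepted, proof accepted, proven message processed, replay processed). Only the first field differs between the two instances, which is the whole bug: a message that was never proven resolves to the default root, and that default was on the trusted list.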

DeFi Dominos

The collateral damage from the unbacked assets is also severely affecting the chains that depended on Nomad. Moonbeam, EVMOS and Milkomeda have all taken a significant hit to their TVLs. – rekt.news

Hunt: The most interesting and crazy part about this hack to me was that other people noticed the hack going on in real-time, joined in the fun, and were able to withdraw funds. Were these other users who were getting in on this honeypot White Hats trying to take some of the funds before the attacker could, or were they maliciously trying to steal for themselves? Nomad has placed an address on their home page asking for any white hats to return funds to a specific address.

Did you see that meme floating around Twitter? It showed a bunch of people looting a store, standing in for the copycat hackers, after the main attacker had busted into the store initially.


2) Solana Wallet Hack

What is Solana?
@Huntfrye Solana is an extremely well-funded alternate layer 1 that boasts of being one of the main competitors to Ethereum. Most people agree that Solana has sacrificed some of the decentralization and security to provide extremely high throughput.

What happened?
Roughly 9K addresses on the Solana network were compromised, draining more than 6MM worth of various tokens. For perspective, there are more than 25MM addresses on Solana as of this writing.

At 11PM UTC on August 2nd, 2022, SOL and USDC started mysteriously being transferred from wallets.

A host of wild theories spread across crypto twitter including fro...