Access hundreds of millions worth of insurance for your crypto assets. Book a call to find out more
Published Aug 9, 2022
By Qredo Team

The Curse of Cross-Chain Bridges: Unpacking The Nomad Hack


  • The Nomad hack was the result of a vulnerability arising from the complex smart contracts used to create a link between two different blockchain architectures. 

  • Qredo takes a completely different approach to blockchain interoperability — not directly bridging blockchains with smart contracts, but rather linking through the Qredochain as an interoperable Layer 2 network. Assets are secured at all times by decentralized MPC.

Back in the Wild West, the biggest heists were train robberies.

In the financial frontier of crypto, assets in transit are also proving to be a lucrative target.

Cross-chain bridge hacks account for 69% of hacks in 2022 so far, according to Chainalysis, with more than $2 billion stolen, and the very idea of cross-chain security coming under scrutiny.

In this post, we unpack the latest cross-chain hack — The Nomad hack of August 2022 — and explain why Qredo offers a better model for blockchain interoperability.

Types of bridge

To move assets between blockchains you can choose between two types of bridge: trusted and trustless.   

  • Trusted bridges use a centralized entity for their operations, requiring you to rely upon the security of a trusted party and surrender control of your assets. This model is antithetical to the peer-to-peer ethos of crypto.

  • Trustless bridges rely on smart contracts and algorithms. You can maintain control over assets, but must rely on the security of the smart contract and the underlying blockchain.

Trustless bridges: a hot target for hackers

Trustless bridges typically work by having smart contracts on each chain. Tokens are locked in a smart contract on one chain, and then reissued on the other chain, often in “wrapped” form.

For example, to move 100 tokens from Solana to Ethereum, the token holder would lock tokens into a bridging smart contract on Solana. The bridging contract would then mint 100 equivalent or wrapped versions of the tokens on Ethereum. 

To return the tokens to the original chain, the token holder would send the tokens back to the smart contract to be burnt, triggering the bridging contract on the other chain to release the tokens.

There are two main reasons why these bridges are continuously targeted by attackers:  

  1. Value

    Cross-chain bridges often hold enormous amounts of assets in their smart contracts.  

  2. Vulnerabilities

    Technical differences in architecture, consensus algorithms, and programming languages can make it very difficult to connect separate blockchains. Errors can easily be made — leading to vulnerabilities that can be exploited by attackers.  

How the Nomad hack happened

The Nomad bridge enables the transfer of tokens between multiple blockchains including Avalanche and Ethereum. In the latest cross-chain exploit, it was drained of cryptoassets worth more than $150M. 

So how did this happen?  

The Nomad bridge has two components: smart contracts on each chain, and off-chain agents that secure and relay state across the chains.

The exploit took advantage of a recent upgrade that left the smart contract on the receiving chain (known as "the Replica Contract") vulnerable to sabotage.

To understand exactly how this happened, we need to be familiar with a specific data structure known as a Merkle Tree (AKA hash tree).

What is a Merkle Tree?

Merkle trees are data structures used in cryptography and data science to  generate unique identifiers for data sets. In blockchain, merkle trees are used to encrypt, summarize, and validate all the data in a block. In this way, they act like a digital fingerprint that quickly verifies that all the data in a block is complete, undamaged, and unaltered when being passed between the peers of a network. One key element of the Merkle Tree is the Merkle Root. This is the hash of all the hashed transactions (called ‘’leaves’’), and represents the integrity of all the data contained in that block.

So what happened with the Nomad bridge? 

Normally, an initialized transaction hash is associated with the Merkle Root hash of the block containing the transaction. This enables validators to check if the transaction has been proven, and update the state of the blockchain. 

The Merkle Root of a message which had not been proven would be 0x00, because the message would be uninitialized. 

As it turns out, during a routine upgrade the Nomad team had accidentally initialized the trusted root to be 0x00. This meant that the Merkle tree was not proving that transactions were valid. 

Thus anyone could simply find an existing transaction withdrawing assets from the bridge, and replace the destination address with their own, before rebroadcasting it to the blockchain to take the assets.

Once the initial attacker had proven this was possible, others quickly joined in — creating what has been called the first ever decentralized looting event.

Qredo's approach to cross-chain interoperability

Like almost every other recent bridge hack, the Nomad hack was the result of a vulnerability in the complex smart contracts used to create a link between two different blockchain architectures. 

Qredo takes a different approach — not directly bridging blockchains with smart contracts, but rather linking through the Qredochain as an interoperable Layer 2 network.

In this way, assets held on Qredo remain secured on the underlying chain at all times, and are backed by the bank-grade security and custom governance of decentralized MPC

The Layer 2 Qredochain then acts as an asset registry, enabling assets to be transacted instantly between crypto wallets on Qredo Network, and deployed to different blockchains through integrations with MetaMask Institutional and WalletConnect.

At all times, assets held in your Qredo Wallet remain under your control, and can only be managed through your governance policies.

Solvency is assured through the Block Explorer, which shows a transparent and immutable record of how each Layer 2 Qredo Wallet is mapped to the underlying network addresses.

open a qredo wallet