
Nomad Bridge Drained of Nearly $200M in Exploit

19 points by lame-robot-hoax almost 3 years ago

3 comments

676234e117 almost 3 years ago
It is important that users come to better understand the different risk profiles between:

1. Owning ETH with a non-custodial wallet.

2. Owning ETH on a CEX.

3. Depositing ETH into a smart contract to receive a wrapped asset. This includes rollups and L2s.

The majority of major crypto hacks[1] are in the 3rd group, and almost all of these hacks are related to protocol updates and governance. Either: the developers update their code, and accidentally push a bug, or one address or a group of addresses are allow-listed some privileged actions in the contract and that can become a weak point.

Proxying and governance isn't the only way to design contracts. Two examples counter to this that are more robust are WETH ($6B) [2] and ETH2 Deposit ($20B) [3] which cannot be attacked in this way. If users wanted a new feature from the WETH contract, they would have to manually migrate over to the new address. Eventually we might see this kind of design be applied to bridges and rollups.

[1] https://rekt.news/leaderboard/

[2] https://etherscan.io/address/0xc02aaa39b223fe8d0a0e5c4f27ead9083c756cc2

[3] https://etherscan.io/address/0x00000000219ab540356cbb839cbe05303d7705fa
yieldcrv almost 3 years ago
I really like the permission to fail.

I like that there isn't a "regulatory sandbox" that took half a decade to set up, overfitting for all possibilities that they ultimately couldn't foresee.

I like that people take a risk, fail, everyone can see and replicate why it failed, make a post mortem, and attempt a more resilient solution or scrap that concept altogether, all over the course of 18 months.

Just rapidly iterate to the most Machiavellian hardened solution, or don't iterate as long as consumers and investors have not learned how to discern, until they do.

I like that the bug bounty mindshare has gone to this, instead of wasting time on undervalued corporate bug programs where pricing and eligibility (and liability) is unilaterally decided by the corporation. This externality is the only way corporate bug bounty programs even begin to become an efficient market, as payouts have to rise to attract interest.
rasz almost 3 years ago
So imagine having a cushy, let's be crazy and call it a $1mil/year job at a hot crypto startup. Do I keep working, or slip my finger and do

> a routine upgrade marked the zero hash as a valid root, which had the effect of allowing messages to be spoofed on Nomad.

and retire at 20?
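The failure mode quoted above (an upgrade marking the zero hash as an acceptable root) and the first comment's point that upgrade bugs dominate bridge losses can be made concrete with a small model. This is an added Python toy model of a bridge replica, not Nomad's contract code; it assumes the common contract pattern where a mapping slot that was never written reads back as zero, so a never-proven message reads back the zero root, and it shows the buggy acceptance beside the hardened check.

```python
from dataclasses import dataclass, field
import hashlib

ZERO_ROOT = b"\x00" * 32  # the "zero hash": what an unset bytes32 mapping slot reads back as


@dataclass
class Replica:
    """Toy model of a bridge replica that only processes messages proven under an accepted root."""
    confirm_at: dict = field(default_factory=dict)  # root -> time after which the root is acceptable
    messages: dict = field(default_factory=dict)    # message hash -> root the message was proven under
    hardened: bool = True                           # False models the behaviour after the bad upgrade

    def mark_root(self, root: bytes, at: int) -> None:
        # Governance / upgrade action that declares a root acceptable from time `at`.
        self.confirm_at[root] = at

    def prove(self, msg: bytes, root: bytes) -> None:
        # A real contract verifies a Merkle proof here; this model assumes the proof checked out.
        self.messages[hashlib.sha256(msg).digest()] = root

    def acceptable_root(self, root: bytes, now: int) -> bool:
        if self.hardened and root == ZERO_ROOT:
            return False  # the zero root can never be a real Merkle root; refuse it explicitly
        at = self.confirm_at.get(root, 0)  # unknown roots read as 0, like an unset mapping slot
        return at != 0 and now >= at

    def process(self, msg: bytes, now: int) -> bool:
        h = hashlib.sha256(msg).digest()
        if self.hardened and h not in self.messages:
            return False  # never rely on a default value standing in for "proven"
        root = self.messages.get(h, ZERO_ROOT)  # an unproven message reads back the zero root
        return self.acceptable_root(root, now)


def demo(hardened: bool) -> tuple:
    """Return (proven message accepted, never-proven message accepted) for one replica."""
    r = Replica(hardened=hardened)
    good_root = hashlib.sha256(b"constructed example root").digest()  # constructed sample value
    r.mark_root(good_root, at=100)
    r.mark_root(ZERO_ROOT, at=1)  # the "routine upgrade" that marked the zero hash as valid
    r.prove(b"legit transfer", good_root)
    return (r.process(b"legit transfer", now=200), r.process(b"never proven transfer", now=200))
```

With `hardened=False` the never-proven message is accepted because its default zero root has been marked acceptable; with `hardened=True` both guards reject it while the proven message still passes.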