
> tl;dr a routine upgrade marked the zero hash as a valid root, which had the effect of allowing messages to be spoofed on Nomad. Attackers abused this to copy/paste transactions and quickly drained the bridge in a frenzied free-for-all

From this explainer:

> It’s [Nomad is] built to address security first. The Nomad team has been building secure bridges as a team for 4+ years and has studied the pitfalls of multi-sig and validator-based bridges.

https://medium.com/imperator-guide/nomad-a-cross-chain-inter...

Assuming this is true, and assuming the team is not incompetent or composed of the typical grifters, perhaps it's time to draw the inevitable conclusion. No amount of experience is sufficient to safeguard an Ethereum protocol of any interesting complexity.

It's a reasonable question to ask, WTF is Nomad for? After all, isn't Ethereum supposed to be the World Computer, Turing complete and ready for any task? Nope. Never was.

I think a good chunk of the answer can be found on the home page:

> Nomad reduces gas fees by a factor of 10x relative to traditional header relay systems, while remaining decentralized.

https://www.nomad.xyz

That world computer is choked to the gills with accumulated waste. The proliferation of chains is the response. Each one is less secure than its forebear. Gobbledygook like Nomad is the "connective tissue" to get the various organs of this science project talking to each other.

Dive deeply enough down and you find the root of it all: everybody wants to make the next Bitcoin, Ethereum, Cardano, Polkadot, and so on. With each turn of the crank a new crop of Barnums springs up to take the money of an unending supply of digital rubes.


