Nomad Crypto Bridge Drained of Nearly $200 Million in “Chaotic” Attack
Read also: More than 8K Solana wallets compromised in yet another hack, thousands of mobile apps leak Twitter API keys, and more.
Thursday, August 4, 2022
Nomad is the latest victims of a multimillion-dollar hack
Nomad, a bridge protocol for transferring crypto tokens across different blockchains, has been robbed of nearly $190 million in various cryptocurrency in what has been described as one of DeFi’s most chaotic attacks ever seen. This is one of the most extensive hacks to date.
Nomad has acknowledged the incident on Twitter and said that the attack is being investigated. While the details on the heist has been scarce, a security researcher pointed to a recent update to one of Nomad’s smart contracts that allowed users to spoof transactions. As blockchain security firm Certik explained, the exploit occurred when a routine upgrade allowed verification messages to be bypassed on Nomad, which allowed attackers to copy/paste transactions and thus drain the bridge of almost all funds.
A day after the attack hackers returned $9 million to Nomad.
Thousands of Solana crypto wallets compromised, millions stolen
In a similar, but separate incident, hackers targeted Solana, a popular blockchain known for its speedy transactions, with users reporting that funds have been drained from Solana “hot” wallets.
Solana said in a tweet that the attack affected nearly 7,767 wallets, impacting users of both mobile and browser extensions. At the same time, other reports indicate that over 8,000 wallets have been affected, with estimated loss of nearly $8 million.
It’s unclear at this point how exactly the attack was carried out, although some researchers suggest that a supply chain attack could be involved that allowed thieves to obtain users’ private keys. Solana said that there is no evidence that the Solana protocol and its cryptography was compromised.
Luxembourg energy supplier Creos hit with ransomware
A cybercrime group behind the AlphV\BlackCat ransomware operation has claimed responsibility for the attack on Creos, a company that manages electricity networks and natural gas pipelines in the Grand Duchy of Luxembourg. On their dark web leak site the group announced they stole over 150 GB of corporate data.
Creos’ parent company Encevo Group said that the incident took place on the night of July 22-23, 2022 and that files were exfiltrated from its computers or rendered inaccessible as a result of the cyber-attack. The company also said that there was no impact on gas and electricity supply. The investigation into the breach is still ongoing and has yet to determine what data was compromised.
In a separate incident, German power electronics manufacturer Semikron has reportedly been hit with an LV ransomware attack, with the hackers claiming to have stolen 2TB worth of documents from the company’s systems.
An ongoing large-scale AiTM phishing campaign is targeting enterprise email accounts
Security researchers have warned of a new, large-scale phishing campaign, which uses adversary-in-the-middle (AiTM) and other techniques to bypass email security and network security solutions and compromise corporate email accounts.
First observed in June 2022, the campaign is aimed at users in enterprises that use Microsoft's email services. Key targets include fintech, lending, insurance, energy, manufacturing, and federal credit union verticals in the US., UK, New Zealand, and Australia. At the time of writing, the campaign is still active, with the threat actor behind it registering new phishing domains almost every day.
Over 3,000 apps are leaking Twitter API keys
Researchers have found that more than 3,000 mobile applications were leaking Twitter API keys, exposing users of the apps to the risk of hijacking their Twitter accounts. By gaining access to the accounts, threat actors could create an army of bots to spread the mis/disinformation, malware, or spam through Twitter.
A total of 3,207 apps were identified that leaked valid Twitter Consumer Key and Secret Key information. 230 of the observed apps were found leaking OAuth access tokens and access secrets as well.
What’s next:
- Follow ImmuniWeb on Twitter and LinkedIn
- Explore 20 use cases how ImmuniWeb can help
- Browse open positions to join our great Team
- See the benefits of our partner program
- Request a demo, quote or special price
- Subscribe to our newsletter
Application Security Weekly is a weekly review of the most important news and events in cybersecurity, privacy and compliance. We cover innovative cyber defense technologies, new hacking techniques, data breaches and evolving cyber law. 
