Recurring |
unknown |
(a) The software failure incident related to the theft of $190 million from Nomad's bridge is a unique incident that has not been reported to have happened again within the same organization or with its products and services [131333].
(b) There is no information in the provided article about a similar incident happening before or again at other organizations or with their products and services. |
Phase (Design/Operation) |
design, operation |
(a) The software failure incident in Article 131333 occurred due to a flaw in Nomad's coding, specifically in the smart contract used for the cryptocurrency bridge. An "upgrade" to the smart contract led to an exploit that allowed individuals to steal funds from the protocol. This flaw was a result of the development phase, where changes to the smart contract introduced vulnerabilities that were exploited by malicious actors [131333].
(b) The operation phase also played a significant role in the software failure incident. The exploit allowed individuals to easily copy-and-paste a script to withdraw funds from the compromised smart contract. This operation-related failure was facilitated by the decentralized nature of the system, where transactions could be pushed through and replicated without proper authorization. The misuse of the system by exploiting the flaw in the smart contract led to the draining of $190 million from Nomad's bridge [131333]. |
Boundary (Internal/External) |
within_system |
(a) within_system: The software failure incident in this case was primarily due to bad code: a flaw in the coding of Nomad's smart contract that allowed people to steal money. The exploit was a result of an "upgrade" to the smart contract that led to unauthorized transactions being approved and replicated, leading to the draining of $190 million from Nomad's bridge [Article 131333]. This flaw allowed individuals to manipulate transactions and withdraw funds without proper authorization, highlighting an internal vulnerability within the software system. |
Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident in this case occurred due to non-human actions, specifically bad code and a flaw in Nomad's coding that allowed people to exploit the smart contract without human intervention. An "upgrade" to the smart contract introduced an exploit that anyone could take advantage of, allowing funds to be drained from the protocol [Article 131333].
(b) However, human actions were also involved in the incident as individuals took advantage of the flaw in the smart contract by copying and pasting the exploit script to withdraw funds. Some exploited the smart contract with public wallet addresses that are traceable, and many sent the funds back claiming to be acting in good faith [Article 131333]. |
Dimension (Hardware/Software) |
software |
(a) The software failure incident in Article 131333 occurred due to contributing factors that originate in software. The incident involved a flaw in Nomad's coding that allowed people to steal money by exploiting a smart contract. The exploit was a result of an "upgrade" to the smart contract that led to unauthorized transactions being approved and replicated, enabling the theft of over $190 million from the protocol [131333]. The exploit did not stem from hardware issues but rather from vulnerabilities in the software code that allowed for unauthorized transactions and fund withdrawals.
(b) The software failure incident in Article 131333 was primarily attributed to software-related factors. The flaw in Nomad's coding, which allowed for the theft of funds, was a result of a breakdown in the smart contract due to an upgrade that introduced the exploit. The incident did not stem from hardware failures but rather from vulnerabilities in the software code that were exploited by malicious actors [131333]. |
Objective (Malicious/Non-malicious) |
malicious |
(a) The software failure incident related to the Nomad bridge losing $190 million was malicious in nature. The incident was described as a "decentralized robbery" in which a flaw in the coding of Nomad's smart contract allowed individuals to steal money. The exploit was facilitated by an upgrade to the smart contract that allowed unauthorized transactions to be approved and replicated, resulting in the draining of funds from the protocol [Article 131333]. |
Intent (Poor/Accidental Decisions) |
poor_decisions |
(a) The software failure incident is attributed to poor decisions (poor_decisions). The incident was a result of bad code in Nomad's bridge, a cryptocurrency protocol, which allowed individuals to drain $190 million by exploiting a flaw in the coding. The exploit occurred after an "upgrade" to the smart contract, which inadvertently allowed unauthorized transactions to be approved and replicated, leading to the massive loss of funds [Article 131333]. |
Capability (Incompetence/Accidental) |
development_incompetence, accidental |
(a) The software failure incident in Article 131333 occurred due to development incompetence. The incident was a result of bad code in Nomad's bridge, a cryptocurrency protocol, which allowed individuals to drain $190 million by exploiting a flaw in the coding. The exploit was facilitated by an "upgrade" to the smart contract that inadvertently allowed unauthorized transactions to be approved and replicated, leading to the massive loss of funds [131333].
(b) Additionally, the incident can also be categorized as accidental, as the exploit was not intentional but rather a consequence of the vulnerability introduced by the flawed upgrade to the smart contract. The exploit was described as chaotic, with individuals being able to easily copy and paste the script used by the initial exploiter to redirect funds to their own wallets. This ease of exploitation highlights the accidental nature of the incident, as it was not a deliberate act but a result of the vulnerability in the system [131333]. |
Duration |
temporary |
(a) The software failure incident in this case appears to be temporary. The incident was caused by a flaw in Nomad's coding that allowed people to exploit the smart contract and steal funds. This flaw was introduced by an "upgrade" to the smart contract and could be exploited by anyone [131333]. The exploit allowed individuals to withdraw significant amounts of money from the protocol within a short period of time. The incident was characterized by a rapid drain of $190 million from Nomad's bridge due to the vulnerability in the smart contract, indicating a temporary failure caused by specific circumstances introduced by the exploit. |
Behaviour |
crash, omission, value, other |
(a) crash: The software failure incident in the article can be categorized as a crash. The flaw in Nomad's coding led to a situation where people were able to exploit the smart contract and drain $190 million from the protocol. This resulted in the system losing control over the funds and not performing its intended function of securely managing the cryptocurrency deposits [131333].
(b) omission: The incident can also be linked to omission. The flaw in the smart contract allowed unauthorized transactions to be approved and replicated, leading to the omission of the system's intended function of validating and securing transactions. This omission resulted in the loss of funds from the smart contract [131333].
(c) timing: The timing of the failure can be considered a contributing factor. The exploit began around 9:13 a.m. PT, and within a short period, a significant amount of funds was drained from the protocol. The timing of the exploit allowed the attackers to swiftly siphon off funds before corrective actions could be taken, highlighting a timing-related aspect of the failure [131333].
(d) value: The software failure incident can also be attributed to a value-related failure. The exploit led to the system performing its intended functions incorrectly by allowing unauthorized transactions to be processed and funds to be withdrawn without proper authorization. This incorrect behavior resulted in a substantial loss of value, with $190 million being drained from the smart contract [131333].
(e) byzantine: The incident does not exhibit characteristics of a byzantine failure where the system behaves erroneously with inconsistent responses and interactions. The exploit in this case was more focused on taking advantage of a specific flaw in the smart contract to drain funds, rather than exhibiting inconsistent behavior or responses [131333].
(f) other: The other behavior observed in this software failure incident is the ease with which the exploit could be replicated. Individuals were able to copy and paste the script used by the initial exploiter, replacing the wallet address with their own, and execute the same exploit. This behavior of easily replicating the exploit by copying and pasting the script contributed to the chaotic nature of the hack and the rapid loss of funds from the smart contract [131333]. |