Nomad lost $200 million after its bridge suffered an exploit

Nomad has suffered one of the biggest exploits in the decentralised finance (DeFi) space since the start of the year.


The Nomad team revealed on Monday that it had suffered an exploit. Following the attack, the cross-chain token bridge has lost virtually all the funds within the protocol.

According to the latest reports, the protocol has lost roughly $200 million in this attack. 

Nomad is a cross-chain bridge that allows users to send and receive tokens between various blockchains. The exploit on Monday further highlights the security concerns regarding cross-chain bridges. 

The Nomad team addressed the exploit in a statement to CoinDesk:

“An investigation is ongoing, and leading firms for blockchain intelligence and forensics have been retained,” the team said. “We have notified law enforcement and are working around the clock to address the situation and provide timely updates. Our goal is to identify the accounts involved and to trace and recover the funds.”

On Twitter, @samczsun, a researcher at crypto investment firm Paradigm, took the time to explain the exploit in detail.

According to the researcher, the attacker took advantage of a recent update to one of Nomad’s smart contracts, which made it easy for users to spoof transactions. The update allowed users to withdraw money that wasn’t theirs from the Nomad bridge.

The researcher added that, unlike other cross-chain hacks, which were perpetrated by a single culprit, the attack on Nomad was a free-for-all. He said:

“It turns out that during a routine upgrade, the Nomad team initialized the trusted root to be 0x00. To be clear, using zero values as initialization values is a common practice. Unfortunately, in this case, it had a tiny side effect of auto-proving every message.

This is why the hack was so chaotic – you didn’t need to know about Solidity or Merkle Trees or anything like that. All you had to do was find a transaction that worked, find/replace the other person’s address with yours, and then re-broadcast it.”
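The zero-value collision described in the quote above, as an added example that is not part of the original article and is not Nomad's code: a simplified Python model that assumes the bridge records the root each message was proven against and reads unproven messages back as the zero default. The class and function names are hypothetical and the sample message is constructed.

```python
import hashlib

ZERO_ROOT = bytes(32)  # value a zero-initialized lookup returns for a missing key


class Replica:
    """Constructed model of a bridge inbox; all names are hypothetical."""

    def __init__(self, trusted_root: bytes, hardened: bool):
        # Hardened form: the "nothing here" sentinel may never become a trusted root.
        if hardened and trusted_root == ZERO_ROOT:
            raise ValueError("refusing to trust the zero root")
        self.hardened = hardened
        self.trusted_roots = {trusted_root}
        self.proven_under = {}  # message hash -> root it was proven against

    def prove(self, message: bytes, root: bytes) -> None:
        # Stand-in for Merkle proof verification: records the proven root.
        self.proven_under[hashlib.sha256(message).digest()] = root

    def process(self, message: bytes) -> bool:
        digest = hashlib.sha256(message).digest()
        # A message that was never proven reads back as ZERO_ROOT.
        root = self.proven_under.get(digest, ZERO_ROOT)
        if self.hardened and root == ZERO_ROOT:
            return False  # "never proven" must not be comparable to a root
        return root in self.trusted_roots


def demo() -> dict:
    real_root = hashlib.sha256(b"constructed root").digest()
    msg = b"constructed transfer: 100 tokens to 0xabc"  # never proven
    results = {
        # Weak setup: trusted root is zero, so the unproven message passes.
        "zero_root_unproven": Replica(ZERO_ROOT, False).process(msg),
        # Same code with a non-zero trusted root rejects it.
        "real_root_unproven": Replica(real_root, False).process(msg),
        "hardened_unproven": Replica(real_root, True).process(msg),
    }
    proven = Replica(real_root, True)
    proven.prove(msg, real_root)
    results["hardened_proven"] = proven.process(msg)
    try:
        Replica(ZERO_ROOT, True)
        results["hardened_init_zero"] = "accepted"
    except ValueError:
        results["hardened_init_zero"] = "rejected"
    return results
```

The hardened variant applies two independent checks: it refuses the zero root at initialization, and it treats a zero lookup result as "not proven" before any trust comparison.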

Nomad’s exploit comes a few months after the Wormhole bridge lost $300 million to hackers. Axie Infinity’s Ronin Bridge suffered the heaviest attack in cross-chain history, losing over $600 million to hackers.
