Aug 02, 2022 Camille A. Hanard

Nomad Bridge hacked in a $190 million exploit

Nomad, a cross-chain bridge used to transfer tokens across EVM chains, was exploited yesterday, with hundreds of potential attackers draining the bridge’s $190 million in TVL over a long series of transactions.

This attack comes four days after Nomad announced the list of investors who took part in its $22.4 million seed funding round, which included prominent investors such as Coinbase Ventures, OpenSea, Polychain Capital, and others.

According to on-chain data, the first suspicious transaction occurred at 9:32 pm UTC on August 1, removing 100 WBTC worth $2.3 million from Nomad. Shortly after the community noticed the suspicious activity and raised the alarm about a possible exploit, the Nomad team acknowledged the attack and said the incident was under investigation.

Unlike other similar attacks, this exploit involved hundreds of addresses that received tokens directly from the Nomad bridge; moreover, each token was transferred in equal denominations. Soon after the incident, the Moonbeam network, whose native GLMR token was one of the targeted assets, went into maintenance mode “to investigate a security incident”, but a few hours later resumed operations as “the investigation found no evidence that the recent security incident was related to the Moonbeam codebase”.

According to the crypto researcher @samczsun, this attack was made possible by a flaw in Nomad’s Replica contract, where the Nomad team initialized the trusted message root to 0x00. Though the researcher states that “using zero values as initialization values is a common practice”, this had the side effect of “auto proving every message”: a message that had never been proven mapped to the zero root, and the zero root was trusted. The attacker just needed to find a transaction that worked, find/replace the receiver's address, and re-broadcast it. “Attackers abused this to copy/paste transactions and quickly drained the bridge in a frenzied free-for-all”.
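To make the flaw concrete, here is an added Python model (constructed for this article, not Nomad's Replica code) of how a trusted zero root lets an unproven message through, beside a hardened variant that refuses the zero root at initialization and at processing time; the root, timestamps and message bytes are assumed values.

```python
import hashlib

ZERO_ROOT = bytes(32)


class Replica:
    """Minimal model of a bridge replica (constructed for illustration).
    A message is processed only if the root it was proven under is acceptable."""

    def __init__(self, committed_root: bytes, hardened: bool = False):
        self.hardened = hardened
        if hardened and committed_root == ZERO_ROOT:
            # Defensive check: an all-zero root must never be trusted.
            raise ValueError("refusing to initialize with the zero root")
        # root -> timestamp from which it is trusted; 1 means trusted immediately
        self.confirm_at = {committed_root: 1}
        self.messages = {}      # message hash -> root under which it was proven
        self.processed = set()

    def acceptable_root(self, root: bytes, now: int) -> bool:
        confirmed = self.confirm_at.get(root, 0)
        return confirmed != 0 and now >= confirmed

    def prove(self, message: bytes, root: bytes) -> None:
        # Merkle verification omitted; only records which root the message belongs to.
        self.messages[hashlib.sha256(message).digest()] = root

    def process(self, message: bytes, now: int = 1_659_389_520) -> bool:
        h = hashlib.sha256(message).digest()
        # An unproven message has no entry, so the lookup falls back to the zero root.
        root = self.messages.get(h, ZERO_ROOT)
        if self.hardened and root == ZERO_ROOT:
            return False            # never proven: reject regardless of confirm_at
        if not self.acceptable_root(root, now) or h in self.processed:
            return False
        self.processed.add(h)       # consume the message exactly once
        return True


UNPROVEN = b"constructed message that was never proven"  # constructed sample
GENUINE_ROOT = hashlib.sha256(b"constructed genuine root").digest()  # assumed


def demo_vulnerable() -> bool:
    """Zero committed root: a message nobody ever proved is accepted."""
    return Replica(ZERO_ROOT).process(UNPROVEN)


def demo_hardened() -> bool:
    """Nonzero root plus an explicit zero-root check: the same message is rejected."""
    return Replica(GENUINE_ROOT, hardened=True).process(UNPROVEN)
```

The lookup default is the whole bug: with `confirm_at[ZERO_ROOT]` set, `acceptable_root` returns true for every hash the replica has never seen, which is why re-broadcasting a known-good transaction with a changed receiver worked.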

As of the time of this writing, the Nomad bridge is still not operational, after it was halted following the incident.
