Hackers drain over $190M from Nomad bridge making it the 4th largest hack in DeFi

An exploit became available after a routine upgrade from the team.
Hackers drain over $190M from Nomad bridge making it the 4th largest hack in DeFi

Nomad, a protocol that lets users transfer digital assets across different blockchains, has been drained out completely over a series of transactions in what appears to be a security exploit. 

The breach has allowed hackers to move out Nomad’s entire 190M TVL, with only $4.5k remaining, according to DefiLlama data. 

The first suspicious transfer, followed by a long list of transactions, occurred at 9:32pm UTC allowing someone to move 100 WBTC (Wrapped Bitcoin) worth approx $2.3 million away from the bridge. 

The Nomad team posted a confirmation on Twitter at 11:35pm UTC, insisting that they were investigating the issue. 

According to Twitter user samczsun, who tried to explain the exploit in a detailed thread, hackers were able to spoof messages and impose as Nomad to redirect funds to their wallets. 

Wrapped Ether (WETH), WBTC, USDC, Frax (FRAX), Charli3 (C3), IAGON (IAG), Hummingbird Governance Token (HBOT), and Dai (DAI) were some of the tokens locked in the bridge that have been stolen. 

Unlike other attacks, which have become quite common for bridges, this one consisted of hundreds of wallets receiving small amounts of transfers which could be due to multiple parties partaking in the hack after it was found. 

Nomad completed a seed funding round as recently as April, which saw participation from Coinbase Ventures and Opensea, valuing it at $225 million. 

All articles published on Coinmash are strictly for informational purposes only. Any action that is taken from reading content published on this website is done at your own risk. 

About the Author
James Satoshi
James Satoshi
James is a leader in Web3, NFTs, & DeFi. You'll spot him covering all topics through-out Coinmash - some say he's so good he doesn't even seem real.