Hackers drain over $190M from Nomad bridge making it the 4th largest hack in DeFi

An exploit became available after a routine upgrade from the team.
Hackers drain over $190M from Nomad bridge making it the 4th largest hack in DeFi

Nomad, a protocol that lets users transfer digital assets across different blockchains, has been drained out completely over a series of transactions in what appears to be a security exploit. 

The breach has allowed hackers to move out Nomad’s entire 190M TVL, with only $4.5k remaining, according to DefiLlama data. 

The first suspicious transfer, followed by a long list of transactions, occurred at 9:32pm UTC allowing someone to move 100 WBTC (Wrapped Bitcoin) worth approx $2.3 million away from the bridge. 

The Nomad team posted a confirmation on Twitter at 11:35pm UTC, insisting that they were investigating the issue. 

According to Twitter user samczsun, who tried to explain the exploit in a detailed thread, hackers were able to spoof messages and impose as Nomad to redirect funds to their wallets. 

Wrapped Ether (WETH), WBTC, USDC, Frax (FRAX), Charli3 (C3), IAGON (IAG), Hummingbird Governance Token (HBOT), and Dai (DAI) were some of the tokens locked in the bridge that have been stolen. 

Unlike other attacks, which have become quite common for bridges, this one consisted of hundreds of wallets receiving small amounts of transfers which could be due to multiple parties partaking in the hack after it was found. 

Nomad completed a seed funding round as recently as April, which saw participation from Coinbase Ventures and Opensea, valuing it at $225 million. 

Disclaimer
All articles published on Coinmash are strictly for informational purposes only. Coinmash has no involvement with any assets discussed and urges everyone to do their own research before making any financial decisions.

AUTHOR