Cross-Chain Protocol Nomad Exploited For More Than $190M

  • Cross-chain protocol Nomad has been exploited for more than $190 million, according to reports, and the drain continues, which means that additional losses might be seen
  • The firm had recently secured funding from Coinbase Ventures, Polychain Capital, and other major firms

Security-first cross-chain messaging protocol Nomad faced serious security exploit later on Monday. The hack has enabled hackers to strategically drain the bridge’s funds over multiple transactions. 

According to the decentralized finance (DeFi) tracking platform, DeFi Llama, the protocol, which allows users to move digital assets between different blockchains, has lost around the entire $190 million in crypto from the bridge. The protocol is reportedly left with around $651 in its wallet.

At 9:32 pm UTC on Monday, a suspicious transaction occurred that may have been the commencement of the ongoing hack. The doubt came when someone removed 100 Wrapped Bitcoin (WBTC) tokens, each valued at around $2.3 million, off the bridge. 

The team confirmed at 11:35 pm UTC that it was aware of the “incident involving the Nomad token bridge,” shortly after the Nomad community began to express concern about the potential hack.

Moreover, it also displayed a warning on Twitter and urged the investors to only follow the official channel.

“We’re aware of impersonators posing as Nomad and providing fraudulent addresses to collect funds. We aren’t yet providing instructions to return bridge funds.”

The hackers stole the funds from the bridge in the form of Wrapped Bitcoin (WBTC), Wrapped Ether (WETH), USD Coin (USDC), Covalent Query Token (CQT), IAGON (IAG), Frax (FRAX), Dai (DAI), Hummingbird Governance Token (HBOT), GeroWallet (GERO), Saddle DAO (SDL), Card Starter (CARDS), and Charli3 (C3).

Because each token was taken in nearly identical denominations, the way the exploiters removed the tokens was peculiar. For instance, more than 200 transactions totaling exactly 202,440.725413 USDC were carried out by the hackers.

In the meantime, the Moonbeam smart contract platform’s native GLMR token was also targeted in the Nomad hack. Moonbeam entered maintenance mode at 11:18 pm UTC “to investigate a security incident,” preventing it from functioning in ways like regular user transactions and smart contract interactions.

Nomad’s hack is the most recent to target “bridges” in cryptocurrency, which enable the transfer of digital assets between otherwise incompatible blockchains.

The hack occurred only days after Nomad revealed the complete list of investors that took part in its $22 million seed round, including prominent names like Polychain Capital, Wintermute, Coinbase Ventures, and Wintermute.

“We believe that secure cross-chain messaging is the key to uniting DeFi ecosystems and unlocking the true power and potential of block space, wherever it may be,”

Nomad stated last week.
Parth Dubey Verified

A crypto journalist with over 3 years of experience in DeFi, NFT, metaverse, etc. Parth has worked with major media outlets in the crypto and finance world and has gained experience and expertise in crypto culture after surviving bear and bull markets over the years.

Latest News