Nomad token bridge drained of $190M in funds in security exploit

Nomad token bridge drained of $190M in funds in security exploit

August 2, 2022 0 By Cointelegraph By Brian Newar

Hundreds of potential exploiters, and even some white hat do-gooders who intend to return funds, appear to have removed all of the bridge’s $190 million in TVL in just a matter of hours.

Breaking news

The Nomad token bridge appears to have experienced a security exploit that has allowed hackers to systematically drain a significant portion of the bridge’s funds over a long series of transactions.

Nearly the entire $190.7 million in crypto has been removed from the bridge, with only $651.54 left remaining in the wallet, according to decentralized finance (DeFi) tracking platform DefiLlama.

However, Nomad later suggested to Cointelegraph that some of the funds were withdrawn by “white hat friends” who took the funds out with the intention of safeguarding them.

Nomad bridge is getting drained, your funds might be at risk and might be able to still withdraw the remaining funds ⚠️

— stani.lens (,) (@StaniKulechov)

August 1, 2022

The first suspicious transaction, which may have been the genesis of the ongoing exploit, came at 9:32 pm UTC when someone managed to remove 100 Wrapped Bitcoin (WBTC), worth about $2.3 million, tokens from the bridge.

Shortly after the community raised alarm bells over the potential exploit, the Nomad team confirmed at 11:35pm UTC that it was aware of the “incident involving the Nomad token bridge” adding it is “currently investigating the incident.”

Nomad reported in an emailed response to Cointelegraph on Tuesday that at least some of the people who took funds were acting benevolently to protect the crypto from getting into the wrong hands. The team added that it had retained the services of “leading firms for blockchain intelligence and forensics:”

“Nomad has notified law enforcement and is working around the clock to address the situation and provide timely updates. Nomad’s goal is to identify the accounts involved and to trace and recover the funds. Nomad is grateful to its many white hat friends who reacted quickly to withdraw and safeguard the funds.”

So far, at least one individual has come out and offered to act as a white hat hacker who intends to return the funds they took from the bridge. The individual going by Notifi Bot on Twitter reached out to Nomad in a tweet stating, “This is a whitehack. I plan to return the funds.”

This is a whitehack. I plan to return the funds. Waiting for official communication from Nomad team (please provide an email id for communication). I have not swapped any assets even after knowing that USDC can be frozen. Transferred USD…

— Notifi Bot (@notifi_xyz)

August 2, 2022

The incident has seen WBTC, Wrapped Ether (WETH), USD Coin (USDC), Frax (FRAX), Covalent Query Token (CQT), Hummingbird Governance Token (HBOT), IAGON (IAG), Dai (DAI), GeroWallet (GERO), Card Starter (CARDS), Saddle DAO (SDL) and Charli3 (C3) tokens taken from the bridge.

Exploiters removed tokens in an unusual fashion, as each token was removed in nearly equivalent denominations. For example, transactions with exactly 202,440.725413 USDC were executed over 200 times.

Nomad is a token bridge that allows transfers of tokens between Avalanche, Ethereum, Evmos, Milkomeda C1, and Moonbeam.

Unlike other exploits that have become somewhat commonplace in 2022, this event so far has hundreds of addresses receiving tokens directly from the bridge.

Meanwhile, the Moonbeam smart contract platform from the Polkadot network, whose native GLMR token was one targeted in the Nomad exploit, went into maintenance mode at 11:18 pm UTC “to investigate a security incident.” As a result, Moonbeam’s functionality, such as regular user transactions and smart contract interactions, will be disabled.

1/ Important Notice: The Moonbeam Network has gone into Maintenance Mode in order to investigate a security incident with a smart contract deployed on the network.

— Moonbeam Network #HarvestMoonbeam (@MoonbeamNetwork)

August 1, 2022

The attack is untimely for the bridge that its seed round investors fundraised in April. On Friday, the project revealed in a tweet that Coinbase Ventures, OpenSea and five other major companies in the crypto industry participated in an April seed round fundraising, which landed Nomad a $225 million valuation.

Updated with a tweet from the potential white hat hacker and a statement from Nomad about the incident which was sent to Cointelegraph on Tuesday.

You can read the original article here —> [ Read More ]

New reasons to get excited everyday.

Get the latest tech news delivered right in your mailbox

5 Reasons Why You Should Try Online Horse Race Betting

In many places around the world, horse races are an attraction that a lot of people love to watch. With the fast-paced action and thrill that each game provides, it is no longer surprising to know that millions of fans have grown fond of it.

NordLayer — more than a business VPN

Cybersecurity threats have become vast and more sophisticated. The rate of malware attacks and malicious activity counts within seconds despite the size or sector the organization belongs to — no one is safe enough to expect that foe actors will bypass vital company resources.


Don't miss a beat!!

We’d love to keep you updated with the latest tech news from across the internet!

Don't worry, we don’t spam!

* Popular *
Would love your thoughts, please comment.x