How Did the Nomad Bridge Get Drained?


On Monday, August 1st, samczsun noticed something strange.

A massive amount of assets were suddenly leaving the Nomad Bridge. He didn’t know what was happening, but he knew that the hefty volume of funds departing the bridge was a bad sign.

samczsun is a white hat crypto hacker and researcher at the crypto investment firm, Paradigm. While he is a largely private figure in the industry, he is prolific in his security research, finding countless vulnerabilities in Ethereum over the past three years. It’s no surprise that he noticed the Nomad attack quickly.

It is now believed that this hack is one of the most significant crypto attacks in history. The Nomad Bridge hack ranks as the eighth-largest attack of all time. Ironically, the hackers were not particularly technically savvy. An upgrade provided a bug in the system; hackers saw their opportunity – and they ran with it.

After the attack, $190 million was looted from the Nomad Bridge.

The Nomad Bridge

A blockchain bridge is a protocol that connects two blockchains in order to enable interaction between the chains.

The Nomad Bridge is a protocol that connects a handful of blockchains such as Ethereum, Moonbeam, Evmos, Milkomeda C1, and Avalanche. This bridge runs on-chain smart contracts that distribute bridged funds, and it uses off-chain agents to verify and transmit messages between blockchains. (Nomad is a message-passing protocol. It allows cross-chain applications to be built on top of it. A token bridge is one of the applications on top of Nomad.)

The bug that resulted after Nomad’s update was located in Nomad’s token bridge. The Nomad update opened the door for the hackers to steal funds, depleting the bridge of $190 million.

Why Did This Happen?

Layne Haber, Co-Founder of Connext Network, recently sat down with Laura Shin and explained what happened.

“After an upgrade, the token bridge had a bug in it. The bug would process messages that weren’t proven in this root – so they hadn’t gone through the optimistic fraud window.

This allowed any message to be processed by this contract. Hackers were able to put out messages that said they were withdrawing funds and to please unlock the contracts, and they were able to drain the funds.”

Free for All

The hack has been described as a “free for all” because the bad actors that robbed the bridge were not technically savvy. 

“All one had to do was copy the first hacker’s transaction and change the address, then hit send through Etherscan.” – @ FatManTerra – Cryptocurrency & finance researcher.

What Next?

Nomad has begun to recoup its losses. The company has reported that $32 million has been returned, thanks in part to white hat hackers along with a few incentives. Nomad has stated that they will not pursue legal action against anyone who returns at least 90% of the funds to the official recovery wallet address. They’ve also promised rAAVE tickets to anyone returning assets.

There are always risks associated with any new technology–especially in Web3–as thieves stand ready (24-7) to exploit bugs in the system and pad their wallets with stolen funds. However, there are many honest people with their eyes continuously open. They ring the alarm bells when they see suspicious activity. samczsun is one of them. 

Thanks to his ongoing security research, companies are better able to discover how they were hacked and how they can better secure their technology and business processes. 

About Kit

Kit Campoy is a former retail professional turned freelance writer. She writes about Leadership, Retail, and Web3. Contact Kit for your content needs.