Hundreds of potential exploiters drained all of the Nomad token bridge’s $190 million in just a matter of hours
The Nomad token bridge appears to have experienced a security exploit that has allowed hackers to systematically drain the bridge’s funds over a long series of transactions.
Nomad token bridge drained $190M in funds in security exploit
Nearly the entire $190.7 million in crypto has been removed from the bridge, with only $651.54 remaining in the wallet. The first suspicious transaction, which may have been the genesis of the ongoing exploit, came at 9:32 pm UTC when someone managed to remove 100 Wrapped Bitcoin (WBTC) tokens worth about $2.3 million from the bridge.
Nomad bridge is getting drained, your funds might be at risk and might be able to still withdraw the remaining funds ⚠️ https://t.co/RgYmjSV9eB
— stani.lens (🌿,👻) (@StaniKulechov) August 1, 2022
Shortly after the community raised alarm bells over the potential exploit, the Nomad team confirmed at 11:35 pm UTC that it was aware of the “incident involving the Nomad token bridge,” adding that it is “currently investigating the incident.” The team did not immediately respond to a request for comment.
We are aware of the incident involving the Nomad token bridge. We are currently investigating and will provide updates when we have them.
— Nomad (⤭⛓🏛) (@nomadxyz_) August 1, 2022
The incident has seen WBTC, Wrapped Ether (WETH), USD Coin (USDC), Frax (FRAX), Covalent Query Token (CQT), Hummingbird Governance Token (HBOT), IAGON (IAG), Dai (DAI), GeroWallet (GERO), Card Starter (CARDS), Saddle DAO (SDL), and Charli3 (C3) tokens taken from the bridge.
Exploiters removed tokens in an unusual fashion as each token was removed in nearly equivalent denominations. For example, transactions with exactly 202,440.725413 USDC were executed over 200 times.
Nomad is a token bridge that allows transfers of tokens between Avalanche (AVAX), Ethereum (ETH), Evmos (EVMOS), Milkomeda C1, and Moonbeam (GLMR).
Unlike other exploits that have become somewhat commonplace in 2022, this event so far has hundreds of addresses receiving tokens directly from the bridge.
Meanwhile, the Moonbeam smart contract platform from the Polkadot network, whose native GLMR token was one of those targeted in the Nomad exploit, went into maintenance mode at 11:18 pm UTC “to investigate a security incident.” As a result, Moonbeam functionality such as regular user transactions and smart contract interactions will be disabled.
2/ During this time, functionality will be limited and you will be unable to execute regular user transactions and smart contract interactions. Democracy, staking, the ability to unpause and upgrade will remain in effect. We will provide a more detailed update shortly.
— Moonbeam Network #HarvestMoonbeam (@MoonbeamNetwork) August 1, 2022
The attack is untimely for the bridge and its seed round investors from a fundraise in April. On July 29, the project revealed in a tweet that Coinbase Ventures, OpenSea, and five other major companies in the crypto industry participated in an April seed round fundraising that landed Nomad a $225 million valuation.