Nomad Bridge Exploit: Firm Gives Update

The Nomad exploit on the 2nd of August drained the bridge of almost $190 million. According to blockchain security Peckshield, over 300 addresses were involved in committing the exploit. The security firm said that the hackers used a flaw in Nomad’s smart contract.

Nonetheless, Nomad has shared an update on the situation via their Twitter handle. The company works with multiple analysis firms and law enforcement agencies to trace and recover the funds. The company is setting up a recovery address for white hats to return the funds. Moreover, the firm is working on a technical plan of action, and they said they would inform the public when the plan was ready.

8-1-2022 incident update pic.twitter.com/EX8r4Ybvre

— Nomad (⤭⛓🏛) (@nomadxyz_) August 2, 2022

How was Nomad exploited?

While speaking to The Block, Peckshield said that an unknown hacker discovered a vulnerability in the smart contract on Monday. The hacker quickly stole nearly $95 million from the bridge, and many other hackers followed suit to take advantage of this flaw. It is estimated that over 300 addresses were draining the bridge of its funds.

Nonetheless, the security firm stated that not all actors were malevolent, and at least 6 were white hats who would return the funds taken. In addition, the white hat hackers took about $8.2 million from the bridge.

Furthermore, it has come to light that the exploit indirectly affected Cardano users. The Nomad protocol was deployed to the Milkomeda C1 layer-2 sidechain, and the C1 side chain allowed Ethereum DApps to be deployed in the Cardano ecosystem.

Milkomeda took to Twitter and shared the news with the community.

We are aware of the Nomad exploit. Unfortunately, we can't control what happens to other projects. This does not affect the base Milkomeda protocol, but Nomad is one of multiple bridges deployed to Milkomeda so users of Nomad-based assets on Milkomeda & Cardano are affected.

— Milkomeda (there is no token) (@Milkomeda_com) August 2, 2022

Cardano-focused Twitter handles “ADA Whale” and shared concerns regarding the news.

Terrible news about the Nomad hack, indirectly affecting a lot of people on Cardano. Risk manager’s gut feeling / intuition strikes again, unfortunately 🙁 pic.twitter.com/i7m6FSExFB

— ADA whale (@cardano_whale) August 2, 2022

Furthermore, OKLink shared some additional details regarding the exploit. According to the blockchain explorer, 1251 addresses were affected. Moreover, 12 ENS addresses were involved, accounting for 38% of the addresses. Additionally, 739 trading addresses were exploited, accounting for 60% of the affected addresses.

OKLink shows that the Nomad Bridge attack involved 1,251 addresses, with $190m; including 12 ENS addresses, accounting for about 38%; after exploiting for profit, the number of addresses that directly traded reached 739, accounting for nearly 60%. https://t.co/N0CdEBzLjs

— Wu Blockchain (@WuBlockchain) August 3, 2022

Nonetheless, Nomad is actively investigating the situation. The community should get an update on the same very soon.