Companies Affected by the $200M Nomad Bridge Attack
The Nomad token bridge appears to have experienced a security exploit that has allowed hackers to systematically drain a significant portion of the bridge’s funds over a long series of transactions.
The cross-chain token bridge was exploited Monday, with attackers draining the protocol of virtually all of its funds. The cryptocurrency lost to the attack totaled nearly $200 million.
Nomad, like other cross-chain bridges, allows users to send and receive tokens between different blockchains. Monday’s attack is the latest in a string of highly publicized incidents that have drawn the security of cross-chain bridges into question. Hundreds of potential exploiters, and even some white hat do-gooders who intend to return funds, appear to have removed all of the bridge’s $200 million in TVL in hours.
This is a whitehack. I plan to return the funds. Waiting for official communication from Nomad team (please provide an email id for communication). I have not swapped any assets even after knowing that USDC can be frozen. Transferred USD…https://t.co/ffWoS2kOSA
— Notifi Bot (@notifi_xyz) August 2, 2022
The Nomad Bridge Exploited by White Hat Friends
Nearly the entire $190.7 million in crypto has been removed from the bridge, with only $651.54 remaining in the wallet, according to decentralized finance (DeFi) tracking platform DefiLlama.
However, Nomad later suggested to Cointelegraph that some of the funds were withdrawn by “white hat friends” who took them out to safeguard them.
Nomad bridge is getting drained, your funds might be at risk and might be able to still withdraw the remaining funds ⚠️ https://t.co/RgYmjSV9eB
— stani.lens (🌿,👻) (@StaniKulechov) August 1, 2022
Nomad reported in an email on Tuesday that at least some of the people who took funds acted benevolently to protect the crypto from getting into the wrong hands. The team added that it had retained the services of “leading firms for blockchain intelligence and forensics”:
“Nomad has notified law enforcement and is working around the clock to address the situation and provide timely updates. Its goal is to identify the accounts and trace and recover the funds and it is grateful to its many white hat friends who reacted quickly to withdraw and safeguard the funds.”
We are aware of the incident involving the Nomad token bridge. We are currently investigating and will provide updates when we have them.
— Nomad (⤭⛓🏛) (@nomadxyz_) August 1, 2022
Companies Affected by the Nomad Attack
Since many partners use Nomad assets (on different chains), many names will inevitably be affected after this incident.
PeckShield also posted a list of wallets involved in the attack, including wallets of white hat hackers who took funds in order to return them to the bridge's users.
#PeckShieldAlert PeckShield has detected ~41 addresses grabbed ~$152M (~80%) in the @nomadxyz_ bridge exploit, including ~7 MEV Bots (~$7.1M), @RariCapital Arbitrum exploiter (~$3.4M), and 6 White Hat (~$8.2M).
~10% of these addresses with ENS names getting $6.1M pic.twitter.com/UUjk7ZiiKE
— PeckShieldAlert (@PeckShieldAlert) August 2, 2022
Nomad is one of the leading bridge platforms in Moonbeam’s ecosystem, and the theft of most of the assets held as security at the Ethereum bridgehead may affect the value of some assets at the bridgehead. Moonbeam said on its Twitter account that the attack on the bridge wiped out the assets held at the Ethereum end of the bridge.
1/ Earlier today, there was a security incident that impacted the @nomadxyz_ bridges to Moonbeam. Nearly all the assets in Nomad’s Ethereum Mainnet smart contract have been drained. We have found no evidence that the recent security incident was related to the Moonbeam codebase.
— Moonbeam Network (@MoonbeamNetwork) August 2, 2022
Moonbeam also had to “suspend” the blockchain for 4 hours this morning to carry out a “maintenance” process. At the time of writing, the maintenance process had been completed, and the Moonbeam team said that no vulnerabilities related to the above attack had been discovered.
Connext is a team that has a close relationship with the bridge. Many sources believe that Connext derives its liquidity from Nomad and may suffer significant losses after this incident. However, Arjun (project representative) said that Connext only stores madUSDC assets (i.e., USDC certificates on the Nomad bridge).
We are aware of the exploit of the @nomadxyz_ contracts on Ethereum.
Users of Connext are not directly affected by this exploit.
However, madAssets held by users on Moonbeam, Milkomeda, and Evmos may now be unbacked by corresponding assets on Ethereum.
— Connext | ✖chain composability 🧱 (@ConnextNetwork) August 2, 2022
Evmos was the rare case in which the price of the EVMOS coin skyrocketed after the Nomad attack. The reason for this fluctuation is that madUSDC lost its price anchor at the Ethereum bridgehead, causing many people to try to sell this asset for EVMOS to avoid a loss of value. However, liquidity was thin and a large number of users arrived at once, which caused the price of EVMOS to spike quickly.
$EVMOS is pumping hard following the Nomad bridge exploit
Everybody tries to convert their Nomad $USDC to $EVMOS pic.twitter.com/8LZbgIqoIc
— Yield God 📈 (@YieldGod) August 1, 2022
The Evmos team said this vulnerability is not related to the network, and the Evmos chain is still working normally.
A couple hours ago, the Nomad ERC20 bridge contract was exploited. Most assets have been drained. We’re working closely with the Nomad team and will follow up as we get more info.
Rest assured, the Evmos chain is functioning properly. This is strictly a bridge exploit. (1/3)
— Evmos is Hiring ☄️ (@EvmosOrg) August 2, 2022