Crypto Bridge Nomad drained of nearly $200m in security exploit

Nomad, a bridge protocol for transferring crypto tokens across different blockchains, lost close to $200m in a security exploit on August 1, according to security firm PeckShield.

The software system was drained of funds over hours and in small batches by various accounts, blockchain data shows.

“An investigation is ongoing and leading firms for blockchain intelligence and forensics have been retained,” the company said in a statement. “Nomad’s goal is to identify the accounts involved and to trace and recover the funds.”

The attack makes Nomad the latest bridge to suffer an exploit this year. Bridges are software that enable different types of blockchains and their respective tokens to interoperate, rather than work in silos.

They have become frequent victims of hacks in recent years, with more than $1bn stolen from bridges in 2022, according to a June report by forensics firm Elliptic.

Axie Infinity’s Ronin bridge lost about $600m in March and Harmony’s Horizon was drained of $100m in June.

The hack comes days after Nomad announced the full list of investors in its $22m seed round, which was led by Polychain Capital, with participation from backers including Ethereal Ventures, Hack VC, Coinbase Ventures and Crypto.com Capital.

Nomad, which describes itself as a “security-first” cross-chain messaging protocol, had a vulnerability in its code that allowed attackers to broadcast fake messages and drain funds, PeckShield said.

One of the exploiters on Nomad was also involved in the $80m hack from Rari Capital’s Fuse platform from April, according to PeckShield.