Crypto Bridge Nomad Drained of Nearly $200 Million in Exploit

Nomad, a bridge protocol for transferring crypto tokens across different blockchains, lost close to $200 million in a security exploit on Monday, according to security firm PeckShield Inc.

The software system was drained of funds over hours and in small batches by various accounts, blockchain data shows.

“An investigation is ongoing and leading firms for blockchain intelligence and forensics have been retained,” the company said in a statement. “Nomad's goal is to identify the accounts involved and to trace and recover the funds.”

The attack makes Nomad the latest bridge to suffer an exploit this year. Bridges are software that enable different types of blockchains and their respective tokens to interoperate, rather than work in silos.

They have become frequent victims of hacks in recent years, with more than $1 billion stolen from bridges in 2022, according to a June report by forensics firm Elliptic.

Axie Infinity's Ronin bridge lost about $600 million in March and Harmony's Horizon was drained of $100 million in June.

The hack comes days after Nomad announced the full list of investors in its $22 million seed round, which was led by Polychain Capital, with participation from backers including Ethereal Ventures, Hack VC, Coinbase Ventures and Crypto.com Capital.

Nomad, which describes itself as a “security-first” cross-chain messaging protocol, had a vulnerability in its code that allowed attackers to broadcast fake messages and drain funds, PeckShield said.

One of the exploiters on Nomad was also involved in the $80 million hack from Rari Capital's Fuse platform from April, according to PeckShield.