{"id":65209,"date":"2022-08-02T09:27:11","date_gmt":"2022-08-02T06:27:11","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=65209"},"modified":"2025-09-06T18:43:24","modified_gmt":"2025-09-06T15:43:24","slug":"hackers-drain-nomad-cross-chain-protocol-of-over-90-million","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/hackers-drain-nomad-cross-chain-protocol-of-over-90-million\/","title":{"rendered":"Hackers Drain Nomad Cross-Chain Protocol of Over $90 Million"},"content":{"rendered":"<p>The Nomad cross-chain protocol was subjected to a hacker attack, resulting in attackers siphoning off crypto assets totaling more than $90 million. This was reported by researchers SlowMist.<\/p>\n<p><!--more--><\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">\ud83d\udea8SlowMist Security Alert\ud83d\udea8<a href=\"https:\/\/twitter.com\/nomadxyz_?ref_src=twsrc%5Etfw\">@nomadxyz_<\/a> , a cross chain protocol was recently hacked causing majority of their funds to be stolen.<\/p>\n<p>We used <a href=\"https:\/\/twitter.com\/MistTrack_io?ref_src=twsrc%5Etfw\">@MistTrack_io<\/a> and traced ~90M to the following 3 addresses here. <\/p>\n<p>Follow us as we continue our investigation into this exploit. <a href=\"https:\/\/t.co\/HSV5SPU33J\">pic.twitter.com\/HSV5SPU33J<\/a><\/p>\n<p>\u2014 SlowMist (@SlowMist_Team) <a href=\"https:\/\/twitter.com\/SlowMist_Team\/status\/1554262106597384192?ref_src=twsrc%5Etfw\">August 2, 2022<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Using the MistTrack platform, analysts traced the movement of funds to three Ethereum addresses. The majority of stolen assets consist of wrapped assets like WBTC and <a href=\"https:\/\/twitter.com\/sniko_\/status\/1554240941095092226\">the stablecoin USDC<\/a>.<\/p>\n<blockquote class=\"twitter-tweet\" data-conversation=\"none\">\n<p lang=\"en\" dir=\"ltr\">Here\u2019s the addresses and how much is in each one.<\/p>\n<p>Address 1: 0x56D8B635A7C88Fd1104D23d632AF40c1C3Aac4e3 ~$47M<\/p>\n<p>Address 2: 0xBF293D5138a2a1BA407B43672643434C43827179 ~39.7M<\/p>\n<p>Address 3: 0xB5C55f76f90Cc528B2609109Ca14d8d84593590E ~$8M<\/p>\n<p>\u2014 SlowMist (@SlowMist_Team) <a href=\"https:\/\/twitter.com\/SlowMist_Team\/status\/1554266336267845633?ref_src=twsrc%5Etfw\">August 2, 2022<\/a><\/p><\/blockquote>\n<p> <script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"\" utf-8\"><\/script><\/p>\n<p>Paradigm researcher going by the handle samczsun assessed the value of the withdrawn assets at $150 million.<\/p>\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\">\n<div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">1\/ Nomad just got drained for over $150M in one of the most chaotic hacks that Web3 has ever seen. How exactly did this happen, and what was the root cause? Allow me to take you behind the scenes \ud83d\udc47 <a href=\"https:\/\/t.co\/Y7Q3fZ7ezm\">pic.twitter.com\/Y7Q3fZ7ezm<\/a><\/p>\n<p>\u2014 samczsun (@samczsun) <a href=\"https:\/\/twitter.com\/samczsun\/status\/1554252024723546112?ref_src=twsrc%5Etfw\">August 1, 2022<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div>\n<\/figure>\n<p>A roughly similar amount is mentioned in PeckShield researchers&#8217; tweet. According to them, the funds were sent to 41 addresses.<\/p>\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\">\n<div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/PeckShieldAlert?src=hash&#038;ref_src=twsrc%5Etfw\">#PeckShieldAlert<\/a> PeckShield has detected ~41 addresses grabbed ~$152M (~80%) in the <a href=\"https:\/\/twitter.com\/nomadxyz_?ref_src=twsrc%5Etfw\">@nomadxyz_<\/a> bridge exploit, including ~7 MEV Bots (~$7.1M), <a href=\"https:\/\/twitter.com\/RariCapital?ref_src=twsrc%5Etfw\">@RariCapital<\/a> Arbitrum exploiter (~$3.4M), and 6 White Hat (~$8.2M). <br \/>~10% of these addresses with ENS names getting $6.1M <a href=\"https:\/\/t.co\/UUjk7ZiiKE\">pic.twitter.com\/UUjk7ZiiKE<\/a><\/p>\n<p>\u2014 PeckShieldAlert (@PeckShieldAlert) <a href=\"https:\/\/twitter.com\/PeckShieldAlert\/status\/1554350737957998592?ref_src=twsrc%5Etfw\">August 2, 2022<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div>\n<\/figure>\n<p>Nomad representatives confirmed the incident and assured users that they are investigating what happened. <\/p>\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\">\n<div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">We are aware of the incident involving the Nomad token bridge. We are currently investigating and will provide updates when we have them.<\/p>\n<p>\u2014 Nomad (\u292d\u26d3\ud83c\udfdb) (@nomadxyz_) <a href=\"https:\/\/twitter.com\/nomadxyz_\/status\/1554246853348036608?ref_src=twsrc%5Etfw\">August 1, 2022<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div>\n<\/figure>\n<p>As of this writing, <span data-descr=\"Total value locked in the smart contracts of the decentralized application\" class=\"old_tooltip\">TVL<\/span> of the Nomad platform stands at a mere $10,937, though shortly before the incident the figure had exceeded $180 million.<\/p>\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"329\" src=\"https:\/\/forklog.com\/wp-content\/uploads\/Nomad-TVL-1024x329.png\" alt=\"Hackers withdraw more than $90 million from Nomad cross-chain protocol\" class=\"wp-image-180588\" srcset=\"https:\/\/forklog.com\/wp-content\/uploads\/Nomad-TVL-1024x329.png 1024w, https:\/\/forklog.com\/wp-content\/uploads\/Nomad-TVL-300x96.png 300w, https:\/\/forklog.com\/wp-content\/uploads\/Nomad-TVL-768x247.png 768w, https:\/\/forklog.com\/wp-content\/uploads\/Nomad-TVL.png 1359w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption>Data: <a href=\"https:\/\/defillama.com\/protocol\/nomad\" title=\"DeFi Llama\">DeFi Llama<\/a>.<\/figcaption><\/figure>\n<p>The Nomad protocol uses fraud proofs, as in <a href=\"https:\/\/forklog.io\/smotrim-v-budushhee-s-optimism-kak-rollups-reshayut-problemu-masshtabirovaniya-ethereum\/\">Optimistic Rollup<\/a>. The technology eliminates the need for multisignatures, validators and oracles.<\/p>\n<p>In April, the developers of the cross-chain bridge Nomad <a href=\"https:\/\/forklog.com\/en\/news\/nomad-cross-chain-bridge-developers-raise-22m-in-seed-round\">raised $22 million<\/a> following a seed round led by Polychain Capital.<\/p>\n<p>Read ForkLog\u2019s Bitcoin news on our <a href=\"https:\/\/telegram.me\/forklog\" target=\"_blank\" rel=\"nofollow noopener\">Telegram<\/a> \u2014 crypto news, prices and analytics.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Nomad cross-chain protocol was hacked, with attackers siphoning off crypto assets worth about $90 million.<\/p>\n","protected":false},"author":1,"featured_media":65210,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1154,1650],"class_list":["post-65209","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-crimes","tag-nomad"],"aioseo_notices":[],"amp_enabled":true,"views":"39","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/65209","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=65209"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/65209\/revisions"}],"predecessor-version":[{"id":65211,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/65209\/revisions\/65211"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/65210"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=65209"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=65209"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=65209"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}