Nomad's cross-chain bridge has been hacked, as reported by Colin Wu, who shared a tweet provided by the official Nomad account regarding the incident. According to Paradigm researcher ''samczsun," the hack could be described as one of DeFi's most chaotic attacks to date.
Nomad, a cross-chain protocol that has just received $22.4 million in investment from Coinbase and other institutions, was hacked, and more than $100 million of funds may be exploited. https://t.co/r3xaF0cNyw— Wu Blockchain (@WuBlockchain) August 1, 2022
Peckshield indicates that 41 addresses grabbed nearly $152 million, or nearly 80% of the Nomad bridge exploit, although the total amount lost has not yet been confirmed. However, it is estimated that millions worth of wrapped Bitcoin (WBTC), wrapped Ethereum (WETH), USD Coin (USDC) and other assets were stolen.
According to a Twitter user, the "paradigm engineering the bridge seems to allow the user to pass in an arbitrary amount when they withdraw that does not necessarily correlate with the amount they deposited into nomad on the other chain, thus the exploit was taken advantage of."
Reports indicated that Nomad had a total value locked (TVL) of $165 million, per DefiLlama data, at the time of the exploit.
Cardano users indirectly affected
According to the Cardano-focused Twitter account, ADA whale, Cardano users might have been indirectly affected by the hack.
Terrible news about the Nomad hack, indirectly affecting a lot of people on Cardano. Risk manager’s gut feeling / intuition strikes again, unfortunately :( pic.twitter.com/i7m6FSExFB— ADA whale (@cardano_whale) August 2, 2022
Milkomeda C1 launched in late March, enabling Ethereum dApps to be deployed in the Cardano ecosystem. The cross-chain protocol, Nomad, is one of the dApps functioning on Milkomeda C1.
Ahead of the deployment, Nomad announced in February that its Ethereum bridge will be connected to Milkomeda, which means, in effect, that assets can be sent back and forth between Cardano and Ethereum.
Milkomeda spoke on the incident afterward: "We are aware of the Nomad exploit. Unfortunately, we can't control what happens to other projects. This does not affect the base Milkomeda protocol, but Nomad is one of the multiple bridges deployed to Milkomeda, so users of Nomad-based assets on Milkomeda & Cardano are affected."
Milkomeda is a Layer 2 protocol (rollup) delivering EVM capabilities to non-EVM blockchains.