Nomad Bridge Hack (2022).

An August 2022 attack on the Nomad cross-chain bridge where a single misconfigured trusted-root value allowed any user to copy-paste an existing withdrawal transaction with a different recipient — a chaotic ~$190 million crowd-drain. Es gehört zur Kategorie Web3 und Blockchain der Cybersicherheit.

An August 2022 attack on the Nomad cross-chain bridge where a single misconfigured trusted-root value allowed any user to copy-paste an existing withdrawal transaction with a different recipient — a chaotic ~$190 million crowd-drain.

The Nomad bridge was hacked on 1 August 2022 in one of the most chaotic incidents in Web3 history. Nomad had recently upgraded a contract and, in the process, mistakenly initialized a trusted-root value to `0x00`, which had the side effect of treating every unproven message as already valid. Anyone who saw the first attacker's successful withdrawal transaction could copy it, swap the destination address for their own, and broadcast — and the contract would dutifully pay out. As word spread on Twitter and Telegram, hundreds of independent addresses (including many one-off opportunists who would normally never touch a bridge exploit) began draining the contract simultaneously. By the time Nomad's team pulled the bridge offline, roughly $190 million had been removed. A subsequent recovery campaign asked the 'whitehat' subset of drainers to return funds; about a third of the value was recovered. The Nomad case is a canonical example of how a single misconfigured constant in a bridge contract can produce a 'crowd-sourced' exploitation pattern unique to public-blockchain incidents.

Schutzmaßnahmen gegen Nomad Bridge Hack (2022) kombinieren typischerweise technische Kontrollen und operative Praktiken, wie in der Definition oben beschrieben.

Übliche alternative Bezeichnungen: Nomad hack, Nomad chaotic drain.