Nomad Bridge Hack (2022)
What is Nomad Bridge Hack (2022)?
An August 2022 attack on the Nomad cross-chain bridge where a single misconfigured trusted-root value allowed any user to copy-paste an existing withdrawal transaction with a different recipient: a chaotic ~$190 million crowd-drain.
The Nomad bridge was hacked on 1 August 2022 in one of the most chaotic incidents in Web3 history. Nomad had recently upgraded a contract and, in the process, mistakenly initialized a trusted-root value to `0x00`, which had the side effect of treating every unproven message as already valid. Anyone who saw the first attacker's successful withdrawal transaction could copy it, swap the destination address for their own, and broadcast — and the contract would dutifully pay out. As word spread on Twitter and Telegram, hundreds of independent addresses (including many one-off opportunists who would normally never touch a bridge exploit) began draining the contract simultaneously. By the time Nomad's team pulled the bridge offline, roughly $190 million had been removed. A subsequent recovery campaign asked the 'whitehat' subset of drainers to return funds; about a third of the value was recovered. The Nomad case is a canonical example of how a single misconfigured constant in a bridge contract can produce a 'crowd-sourced' exploitation pattern unique to public-blockchain incidents.
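The failure mode described above, reduced to a small Python model. This is an added example, not Nomad's contract code: the class, field and function names are hypothetical and the hashes are constructed. An unset mapping entry reads as zero, so once the zero root is trusted, "never proven" passes the check; the hardened variant rejects the zero root both at initialization and at processing time.

```python
import hashlib

# Simplified model of a bridge inbox. All names are hypothetical; this is not
# Nomad's contract code, and the hashes below are constructed sample values.
ZERO_ROOT = bytes(32)  # what an unset storage slot reads as


class Inbox:
    """Accepts a message only if the root it was proven under is trusted."""
    def __init__(self, initial_root: bytes, hardened: bool):
        if hardened and initial_root == ZERO_ROOT:
            raise ValueError("refusing to trust the zero root")
        self.hardened = hardened
        self.trusted_roots = {initial_root}
        self.proven_under = {}  # message hash -> root it was proven against
        self.processed = set()

    def prove(self, msg_hash: bytes, root: bytes) -> None:
        # Merkle proof verification is elided; assume it succeeded for `root`.
        self.proven_under[msg_hash] = root

    def process(self, msg_hash: bytes) -> bool:
        if msg_hash in self.processed:
            return False
        # Like an on-chain mapping, a never-proven message reads as zero.
        root = self.proven_under.get(msg_hash, ZERO_ROOT)
        if self.hardened and root == ZERO_ROOT:
            return False  # "no proof on record" is never acceptable
        if root not in self.trusted_roots:
            return False
        self.processed.add(msg_hash)
        return True


def demo() -> dict:
    real_root = hashlib.sha256(b"constructed root").digest()
    unproven = hashlib.sha256(b"constructed message A").digest()
    proven = hashlib.sha256(b"constructed message B").digest()
    bad = Inbox(ZERO_ROOT, hardened=False)  # the misconfigured initialization
    good = Inbox(real_root, hardened=False)
    good.prove(proven, real_root)
    return {
        "bad_init_unproven": bad.process(unproven),
        "good_init_unproven": good.process(unproven),
        "good_init_proven": good.process(proven),
    }


if __name__ == "__main__":
    print(demo())
```

A deployment or upgrade test that asserts an unproven message is rejected after initialization would catch this class of misconfiguration before it reaches mainnet.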
● Examples
- Within hours of the first Nomad exploit transaction, hundreds of independent EOAs were copy-pasting and modifying it; total loss reached ~$190M.
- A post-mortem of the Nomad case is taught in modern smart-contract audit courses as a warning about default-zero trust-root initialization values.
● Frequently asked questions
What is Nomad Bridge Hack (2022)?
An August 2022 attack on the Nomad cross-chain bridge where a single misconfigured trusted-root value allowed any user to copy-paste an existing withdrawal transaction with a different recipient — a chaotic ~$190 million crowd-drain. It belongs to the Web3 & Blockchain category of cybersecurity.
How do you defend against Nomad Bridge Hack (2022)?
Defences for Nomad Bridge Hack (2022) typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Nomad Bridge Hack (2022)?
Common alternative names include: Nomad hack, Nomad chaotic drain.
● Related terms
- Ronin Bridge Hack (2022): A March 2022 attack on the Ronin Network bridge that drained ~$625 million in ETH and USDC (at the time the largest crypto bridge hack ever), attributed to North Korea's Lazarus Group via compromise of validator keys.
- Wormhole Bridge Hack (2022): A February 2022 attack on the Wormhole cross-chain bridge between Solana and Ethereum that minted 120,000 wETH worth ~$326 million by exploiting a signature-verification flaw in the bridge's smart contract.
- Smart Contract Security: The practice of designing, reviewing, and operating on-chain programs so they cannot be exploited to steal funds, freeze logic, or violate intended business rules.
- Smart Contract Audit: An independent security review of smart-contract source code, deployment configuration, and economic design to find vulnerabilities before launch or upgrade.
- Blockchain Security: The discipline of protecting distributed ledgers, their consensus mechanisms, smart contracts, and surrounding infrastructure from compromise, fraud, and theft.
- DeFi: Decentralized Finance, financial protocols built from smart contracts on public blockchains that offer lending, trading, and other services without traditional intermediaries.