Nomad Bridge Hack (2022).

An August 2022 attack on the Nomad cross-chain bridge where a single misconfigured trusted-root value allowed any user to copy-paste an existing withdrawal transaction with a different recipient — a chaotic ~$190 million crowd-drain. サイバーセキュリティの Web3 とブロックチェーン カテゴリに属します。

An August 2022 attack on the Nomad cross-chain bridge where a single misconfigured trusted-root value allowed any user to copy-paste an existing withdrawal transaction with a different recipient — a chaotic ~$190 million crowd-drain.

The Nomad bridge was hacked on 1 August 2022 in one of the most chaotic incidents in Web3 history. Nomad had recently upgraded a contract and, in the process, mistakenly initialized a trusted-root value to `0x00`, which had the side effect of treating every unproven message as already valid. Anyone who saw the first attacker's successful withdrawal transaction could copy it, swap the destination address for their own, and broadcast — and the contract would dutifully pay out. As word spread on Twitter and Telegram, hundreds of independent addresses (including many one-off opportunists who would normally never touch a bridge exploit) began draining the contract simultaneously. By the time Nomad's team pulled the bridge offline, roughly $190 million had been removed. A subsequent recovery campaign asked the 'whitehat' subset of drainers to return funds; about a third of the value was recovered. The Nomad case is a canonical example of how a single misconfigured constant in a bridge contract can produce a 'crowd-sourced' exploitation pattern unique to public-blockchain incidents.

Nomad Bridge Hack (2022) に対する防御は通常、上記の定義で述べたとおり、技術的統制と運用上の実践を組み合わせます。

一般的な別名: Nomad hack, Nomad chaotic drain。