Nomad Bridge Hack (2022).

An August 2022 attack on the Nomad cross-chain bridge where a single misconfigured trusted-root value allowed any user to copy-paste an existing withdrawal transaction with a different recipient — a chaotic ~$190 million crowd-drain. Pertence à categoria Web3 e blockchain da cibersegurança.

An August 2022 attack on the Nomad cross-chain bridge where a single misconfigured trusted-root value allowed any user to copy-paste an existing withdrawal transaction with a different recipient — a chaotic ~$190 million crowd-drain.

The Nomad bridge was hacked on 1 August 2022 in one of the most chaotic incidents in Web3 history. Nomad had recently upgraded a contract and, in the process, mistakenly initialized a trusted-root value to `0x00`, which had the side effect of treating every unproven message as already valid. Anyone who saw the first attacker's successful withdrawal transaction could copy it, swap the destination address for their own, and broadcast — and the contract would dutifully pay out. As word spread on Twitter and Telegram, hundreds of independent addresses (including many one-off opportunists who would normally never touch a bridge exploit) began draining the contract simultaneously. By the time Nomad's team pulled the bridge offline, roughly $190 million had been removed. A subsequent recovery campaign asked the 'whitehat' subset of drainers to return funds; about a third of the value was recovered. The Nomad case is a canonical example of how a single misconfigured constant in a bridge contract can produce a 'crowd-sourced' exploitation pattern unique to public-blockchain incidents.

As defesas contra Nomad Bridge Hack (2022) costumam combinar controles técnicos e práticas operacionais, conforme detalhado na definição acima.

Nomes alternativos comuns: Nomad hack, Nomad chaotic drain.