Nomad Recovers Nearly $20M of Stolen $190M

Token bridge Nomad suffered a hack on Monday that resulted in a loss of $190 million in cryptocurrencies. So far, $19.4 million of those funds have been sent back to the protocol.

Nomad created a recovery wallet address in a plea to the “white hat hackers and ethical researcher friends who have been safeguarding ETH/ERC-20 tokens” to return the lost digital assets.

The wallet was set up in association with custodian bank Anchorage Digital. Nomad has since taken to Twitter to thank some of its contributors.

Nomad’s hack resulted from an issue in the code itself, 1KX Research told Blockworks. Nomad developers had accidentally enabled a code setting which automatically verified any transaction script sent to the protocol, as long as they had a default “root” of “0x00.”

The result was a free-for-all involving onlookers rushing to submit illicit transactions, quickly draining the token bridge of all user funds kept inside its associated smart contract.

Nomad has acknowledged that some users wanted “more consistent communications” and apologized for not having “provided that up to this point.”

The firm announced via Twitter that hackers who return at least 90% of the total funds they hacked may be considered for a bounty of up to 10%. 

This incident is the third-biggest cryptocurrency hack this year after the Solana-to-Ethereum Wormhole bridge and the Axie Infinity Ronin bridge exploits, which lost $325 million and $625 million, respectively, valued at the time of the exploits.

---

Get the news in your inbox. Explore Blockworks newsletters:

• The Breakdown: Decoding crypto and the markets. Daily.
• 0xResearch: Alpha in your inbox. Think like an analyst.
• Empire: Crypto news and analysis to start your day.
• Forward Guidance: The intersection of crypto, macro and policy.
• The Drop: Apps, games, memes and more.
• Lightspeed: All things Solana.
• Supply Shock: Bitcoin, bitcoin, bitcoin.