A security flaw, allowing hackers to drain the bridge's funds in a series of transactions.
According to a decentralized finance (DeFi) tracking tool, nearly the entire $190.7 million in cryptocurrency has been withdrawn off the bridge, with just $651.54 remaining in the wallet.
The first suspicious transaction, which may have been the beginning of the ongoing hack, occurred when an individual managed to removed 100 Wrapped Bitcoin (WBTC) tokens valued at around $2.3 million off the bridge.
Shortly after the community voiced concerns about the potential exploit, the Nomad team acknowledged that it was aware of the "event affecting the Nomad token bridge," and that it is "currently examining the situation."
businesses for blockchain intelligence and forensics.
“Nomad has informed law enforcement and is working around the clock to address the issue and provide timely updates. The purpose of Nomad is to identify the accounts affected, as well as to trace and retrieve the funds. Nomad thanks its numerous white hat allies for acting immediately to withdraw and secure the funds.”
The following tokens were pulled off the bridge: WBTC, Wrapped Ether (WETH), USD Coin (USDC), Frax (FRAX), Covalent Query Token (CQT), Hummingbird Governance Token (HBOT), IAGON (IAG), Dai (DAI).
Exploiters removed tokens in an unusual manner, with each token withdrawn in almost equal proportions. For example, transactions with the exact amount of 202,440.725413 USDC were performed over 200 times.
Nomad is a token bridge that enables token transfers between Avalanche (AVAX), ETH, Evmos (EVMOS), Milkomeda C1, and Moonbeam (GLMR).
Unlike previous vulnerabilities that have become relatively popular in 2022, hundreds of addresses have received tokens directly from the bridge.
Meanwhile, the Polkadot network's Moonbeam smart contract platform, whose native GLMR token was one of those targeted by the Nomad hack, went into maintenance mode "to investigate a security problem." As a result, Moonbeam's functionality, such as normal user transactions and smart contract interactions, will be halted.
The attack comes at an unfortunate time for the bridge and its seed round investors from fundraising in April. On July 29, the project stated in a tweet that Coinbase Ventures, OpenSea, and five other significant crypto businesses joined in an April seed round investment, resulting in a $225 million valuation for Nomad.
Read also: Top cryptocurrency news: Huobi is authorized as an exchange service provider in Australia
