Inside The First Decentralised Crowd-Looting Event

The Story of the Great Nomad Hack

In a completely unprecedented exploit that took place yesterday, August 1st 2022, the Nomad Bridge was drained of over $190m in various assets. What makes this exploit stand out is the fact that it was the first-ever hack where members of the general public were an active participant in.

The Nomad Bridge hack was initially orchestrated by one person, but soon enough, regular users were able to spot the weakness that the original hacker exposed, and exploit it by simply doing Ctrl+C, Ctrl+V.

This article is a deep-dive into how such an exploit was made possible in the first place. Big shout to Twitter user 0xfoobar who flagged this exploit as it started happening and samczsun who found out the root cause of how this was possible in the first place.

What is Nomad?

Nomad is a cross-chain bridge that allows users to transfer crypto assets between chains, only the transfer never really takes place. Nomad runs multiple smart contracts that burn the asset on the original chain, and mint it on the new chain. This is why when you perform a cross-chain asset — you would for example own wETH and not ETH. Wrapped Ether is a mirrored version of Ether compatible on other chains.