The Nomad bridge was just exploited for 165m

Currently, the details of the hack are unknown and this is not a post-mortem.

However, here are some details about the hack

👇 🧵 (1/12)
Two hours ago, Nomad had a tvl of 165m dollars according to defillama.
Currently, there are 18 million dollars left in the contract, which will probably be drained in the next few hours.
Looking at the transactions that have interacted with the contract, we can see that all of these exploits have one thing in common, they call the `process()` function in the Nomad ERC20 Bridge Contract.
Now, the process function is as follows:
- It checks that the domain of the message is correct(ie a transaction signed for evmos is meant for evmos)
- It checks that the message has been proven by the prover
- It calls the handler to do what the message wants(ie bridge tokens)
Unfortunately, if you try to replay the same contract call the execution will be reverted. Why? You shouldn't be able to withdraw something twice.
According to this thread, the bridge seems to allow the user to pass in an arbitrary amount when they withdraw that does not necessarily correlate with the amount they deposited into nomad on the other chain.

However, it seems like some generalized MEV frontrunning bots were able to replay the old attacks and withdraw massive amounts of WETH/WBTC

If you know how to do this, please DM me lmao
If you have any funds in @nomadxyz_, @EvmosOrg, @MoonbeamNetwork, or @milkomeda_com, you need to swap out of nomad assets and use a different bridge to bridge back to Ethereum or another chain asap.
Nomad has been chosen as the canonical bridge for @EvmosOrg, @MoonbeamNetwork, and @milkomeda_com, you need to get all of your assets off these chains immediately.
Nomad has also paused the relayer and is trying to censor all bridging transactions using the watcher, however, this is likely little help since the exploit was on the contract side and not on the infra side.
If you have any more info about the hack, please DM me or post it in the nomad discord. We want this to be a good outcome for everyone(except the hackers)

• • •

Missing some Tweet in this thread? You can try to force a refresh

Keep Current with Paradigm Engineer #420

Paradigm Engineer #420 Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!


Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!


0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy


3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!