The project went offline after announcing ambitious plans. The stolen funds are still in circulation.
In August 2022, Nomad, a cross-chain bridge, was exploited for almost $200 million. A routine upgrade led to “one of the most chaotic hacks that Web3 has ever seen,” with all users being able to steal funds by simply re-broadcasting transactions that worked for others.
The Nomad Bridge was relaunched in December 2022 to allow bridging assets back. Nomad tried to lure users to return the funds by offering a 10% bounty for white hackers. Reportedly, about 20% of funds (over $37 million at that moment) were recovered within two weeks after the hack.
According to the latest data shared by the team, users could access only $9 million in recovered funds via the upgraded bridge as of January 2023. Currently, the recovery address holds $3,400.
A couple of months before the attack, Nomad raised $22.4 million in a seed round. The backers included Coinbase Ventures, OpenSea, Crypto.com Capital, Wintermute, Gnosis, Algaé, and Polygon. Currently, the project is not listed in their portfolios. Likely, the major share of their investments was lost.
Some tried to sue the Nomad Bridge for deceiving users through false promises of security that caused their losses, but the court dismissed the claim as the losses were caused by an error in the code.
Despite announcing ambitious recovery plans, the team went offline right after relaunching the bridge. Pranay Mohan, the Nomad co-founder and CEO, has also been inactive for a few years but recently reposted a tweet about an Infura update.
In August 2024, a Nomad Bridge exploiter-labelled address first bought some Ethereum dip and then transferred $ETH 14,500, currently worth approximately $49.4 million, to Tornado Cash, a popular cryptocurrency mixer.
Nomad Bridge: Two Years After Hack, Dead in the Water was originally published in Coinmonks on Medium, where people are continuing the conversation by highlighting and responding to this story.