Nomad, a token bridge that enables users to send and receive tokens between Evmos (EVMOS), Avalanche (AVAX), Moonbeam (GLMR), Ethereum (ETH), and Milkomeda C1 blockchain, was attacked this week with hackers draining almost $200 million.
According to DeFi Llama, a decentralized finance tracking platform, $190.7 million was stolen from the bridge. The current total valued locked – the amount of user funds deposited in a DeFi protocol – is less than $12,000.
Nomad still doesn´t know how the hackers were able to steal the funds. But according to samczun, the head of security at web3 investment firm Paradigm, a recent update to one of Nomad´s smart contracts made it easy for users to spoof transactions. When a user transferred funds, Nomad didn’t check the amount, enabling the user to withdraw funds that weren’t theirs.
The attack was after Nomad revealed that a number of high-profile crypto investors, including Coinbase Ventures, OpenSea, Polygon, and Crypto.com Capital, participated in its $22 million April seed round, which landed the company a $225 million valuation.