$190M Drained As Nomad Bridge Falls To Phishing Exploit

The wild attack left the bridge almost dry, but then the ‘White Hat’ friends stepped in.


Nomad Bridge, a cross-chain protocol, became the victim of a mind-blowing phishing exploit on Monday, August 2nd, as it lost almost the entirety of its $200 million crypto funds. The protocol was drained of funds over a long process of multiple transactions which left the Nomad Bridge as poor as a church mouse, with just $651 left on its books.

Nomad Bridge Is Falling Down

2022 has been one of the most active years in terms of the sheer number of hacks seen in the crypto world so far—and phishing exploits have established themselves as something of a trademark strategy used by fraudsters. Now, Nomad Bridge is the latest to have been struck down by the cruel hand of crypto hackers. The news comes just one month after the Harmony (ONE) protocol fell victim to a similar manner of attack.


Although the phishing scam has similarities to many of the other attacks carried out this year, there is one thing that separates this particular hacker from their predecessors; the bad actors, for whatever reason, sent transactions in almost equal sums, as USD Coin (USDC) was sent to the thieves’ wallets to the exact amount of 202,440.725413 across least 200 separate instances.

The Community Lends a Helping Hand

Despite almost the entirety of the protocol’s funds being drained, a spokesperson from Nomad revealed that concerned community members had stepped in as part of an attempt to safeguard as much of the funds as possible. These “White hat friends”, as they were dubbed, managed to benevolently protect funds in USD Coin (USDC), wrapped Ether (wETH), Dai (DAI), GeroWallet (GERO), and a couple of other, smaller cryptocurrencies.

“Our goal is to identify the accounts involved and to trace and recover the funds”, asserted Nomad, which facilitates cross-chain transfers between Ethereum (ETH), Avalanche (AVAX), Moonbeam, and Evmos. Interestingly, Moonbeam’s smart contract were also targeted in the phishing attack. The platform was eventually forced to disable user transfers and smart contract interactions in order “to investigate the security incident”.

In conclusion, the phishing incident has come at possibly the worst time for Nomad, as the company had finished a succesful funding round in April which garnered $225 million from big players like Coinbase Ventures and OpenSea.

Though the attack set Nomad back three times less than the infamous $600M Ronin Bridge hack in April, the incident raised calls for the implementation of additional security measures to ensure that users don’t succumb to the advanced phishing scams employed by modern crypto hackers.

Why You Should Care

With phishing scams proving to be a frequent strategy of crypto fraudsters in 2022, it’s important for agencies, protocols, security initiatives and users alike to carry out thorough analysis of each case in order to develop suitable measures against them.

This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

Tadas Klimasevskis

Tadas Klimaševskis is a Lithuanian journalist at DailyCoin, specializing in covering the lighter side of the crypto industry such as memecoins and pop culture in the metaverse. He has experience as a music artist, English language teacher, and freelance writer, and uses his creative writing skills to summarize valuable information in his work. He is also a strong believer in the potential of blockchain and spends his free time listening to music, traveling, and watching basketball games.