Glossary
Nomad Bridge Hack
The August 2022 Nomad bridge exploit (~190M USD) that became a "free-for-all" — once one user demonstrated the bug, hundreds copied the call to drain different assets.
On August 1, 2022, attackers exploited a bug in the Nomad bridge introduced during a routine upgrade — a zero-hash message was now treated as automatically verified, letting anyone craft a withdrawal of any committed asset without proving anything.
The exploit was unusual in that hundreds of distinct addresses piled in once the original transaction was visible on-chain, each copying the call pattern with different asset parameters. The final loss was ~190 million USD. Several "white-hat" participants returned funds; the rest of the takings were never recovered. Nomad has since rebuilt.