Crypto Updates

Nomad releases bridge relaunch guide after patching contract vulnerability

Nomad releases bridge relaunch guide after patching contract vulnerability


The Nomad token bridge has announced its relaunch guide after fixing the contract vulnerability that led to a $190 million exploit in August. According to a blog post from Dec. 7, the Nomad protocol will allow users to bridge back madAssets and access a pro-rata share of recovered funds. 

A redesign for the token bridge was also implemented, said the company, explaining that without this redesign, the “first people to bridge back their madAssets would receive canonical tokens on a one-to-one basis until there were no canonical tokens left.”

To avoid this first-come, first-serve approach, the team implemented changes in the protocol to give users the ability to bridge back and access a pro-rata share of recovered funds, ensure the tokens accessed from bridging back are in the original token, and provide a mechanism for impacted users to access future recovered funds. The company stated:

“Given the scope of these changes, a full audit of the smart contracts was completed along with an additional re-review of any remediations with our auditors.”

Users seeking to access recovered funds must complete a Know Your Customer and an Anti-Money Laundering verification process, as well as link their wallet addresses to their CoinList account, notes the blog post.

Related: Half of all DeFi exploits are cross-bridge hacks

Users will be able to bridge back madAssets to Ethereum after successfully completing the first step and receive a unique nonfungible token that accounts for the type and quantity of assets that can be bridged back. The NFT will grant access to a portion of a bridged asset equal to the recovered percentage.

As previously reported by Cointelegraph, bad actors discovered a security loophole in Nomad’s smart contracts in August, allowing them to extract funds via dubious transactions. A Coinbase analysis later revealed that hundreds of copycats joined the hackers, copying the same code but modifying recipient addresses, token amounts and target tokens.

Nomad is a bridge that allows transfers of tokens between Avalanche, Ethereum, Evmos, Milkomeda C1 and Moonbeam. As of August, only 20% of the stolen funds, nearly $37 million, had been recovered. The company’s official website still asks white hats to return tokens.