
Nomad Bridge
Hacked · Infrastructure · born 2021 · ✝ 2022
A bug turned a bridge into a free-for-all, drained of ~$190M by a crowd.
Nomad was a cross-chain messaging bridge. A faulty contract upgrade let anyone copy a working exploit transaction, leading to a chaotic 'decentralized robbery' that drained nearly $190M.
- Peak: ~$190M drained
- Cause: Hacked
- Year of death: 2022
☠️ Cause of death
An initialization error marked a zero hash as valid, so any message was treated as proven; hundreds of copycats replayed the exploit to empty the bridge.
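The check that failed, as a simplified Python model added here for illustration (not the bridge's contract code; the class, method and parameter names are hypothetical and Merkle proof verification is omitted). It assumes an unproven message reads back as the zero hash, the default for an unset storage slot, which is why trusting the zero root made every message look proven.

```python
import hashlib

ZERO = bytes(32)  # the 32-byte zero hash


class Replica:
    """Toy model of a bridge inbox that trusts a set of message roots."""

    def __init__(self, initial_root: bytes, reject_zero: bool):
        self.reject_zero = reject_zero
        # Hardened form: never let the zero root enter the trusted set.
        if reject_zero and initial_root == ZERO:
            raise ValueError("refusing to trust the zero root")
        self.trusted_roots = {initial_root}
        self.proven = {}  # message hash -> root it was proven against

    def prove(self, msg_hash: bytes, root: bytes) -> None:
        # Real bridges verify a Merkle proof here; omitted in this model.
        self.proven[msg_hash] = root

    def process(self, msg_hash: bytes) -> bool:
        # Assumption: an unproven message reads back as ZERO (unset slot).
        root = self.proven.get(msg_hash, ZERO)
        if self.reject_zero and root == ZERO:
            return False  # explicit "was never proven" check
        return root in self.trusted_roots


def demo() -> dict:
    # Constructed sample values, not data from the incident.
    real_root = hashlib.sha256(b"constructed root").digest()
    msg = hashlib.sha256(b"constructed unproven message").digest()
    out = {}
    # Faulty initialization: zero root trusted, so unproven == proven.
    out["faulty_init_accepts_unproven"] = Replica(ZERO, False).process(msg)
    # Same code, sane initialization: the unproven message is rejected.
    out["sane_init_accepts_unproven"] = Replica(real_root, False).process(msg)
    try:
        Replica(ZERO, True)
        out["hardened_allows_zero_init"] = True
    except ValueError:
        out["hardened_allows_zero_init"] = False
    hardened = Replica(real_root, True)
    out["hardened_accepts_unproven"] = hardened.process(msg)
    hardened.prove(msg, real_root)
    out["hardened_accepts_proven"] = hardened.process(msg)
    return out


if __name__ == "__main__":
    print(demo())
```

The hardened variant applies two independent guards, one at initialization and one at processing time, so a bad initial value alone cannot disable the proof check.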
📓 Lessons left behind
- A single bad config can invalidate all security checks.
- Public exploit transactions get copied within minutes.
- Upgrade processes need rigorous review before going live.
🌱 The idea that survived
Optimistic verification done right
The push for safer upgrade controls and audited initialization in bridge contracts.
#bridge #exploit #config-error