The first suspicious transaction occurred at 9:32 pm UTC when someone withdrew 100 Wrapped Bitcoin (WBTC) worth about $2.3 million from the bridge.
Shortly after the community raised alarm about a potential attack, the Nomad team confirmed at 11:35 pm UTC that they were aware of the “incident involving the Nomad token bridge” adding it is “currently investigating” the incident.”
The attack destroyed the following tokens: WBTC, Wrapped Ether (WETH), USD Coin (USDC), Frax (FRAX), Covalent Query Token (CQT), Hummingbird Governance Token (HBOT), IAGON (IAG), Dai (DAI), GeroWallet (GERO), Card Starter (CARDS), Saddle DAO (SDL), and Charli3 (C3).
Nomad is a bridge that allows the tokens transfer between Avalanche (AVAX), Ethereum (ETH), Evmos (EVMOS), Milkomeda C1, and Moonbeam (GLMR).
Unlike other attacks in 2022, this time there are hundreds of addresses receiving tokens directly from the bridge. Meanwhile, smart contract platform Moonbeam, whose native GLMR token was targeted in the Nomad attack, went into maintenance mode at 11:18 pm UTC “to investigate a security incident.” As a result, regular user transaction functions and smart contract interaction will be disabled.
The incident comes after Nomad successfully raised a $22.4 million seed round in April and raised the company’s valuation to $225 million.
Follow our channels for more crypto news: