The Tokens Nomad bridge seems to have suffered a security failure that has allowed hackers to systematically empty the bridge funds during a series of transactions. So the company indicates on Twitter not all funds are lost since there are white glove hackers that only retire tokens with the intention of returning them when vulnerability is repaired.
According to the DeFi platform Llama , of the $190.7 million bridge held remains . However, Nomad has indicated on its Twitter account that not all the funds have been stolen; some of the funds, as yet undetermined by the company, are being held by white-collar hackers with the intention of returning them.
The first suspicious transaction, which could have been the genesis of the exploit, occurred at 21:32 UTC, when someone managed to withdraw 100 Wrapped Bitcoin (WBTC) worth about USD 2.3 million from the bridge.
As Cointelegraph reports, shortly after the community raised the alarm about the potential exploit, the Nomad team confirmed at 11:35pm UTC that they were aware of the "Nomad token bridge incident," adding that "currently investigating the incident."
In the incident, Wrapped Ether (WETH), USD Coin (USDC), Frax (FRAX), Covalent Query Token (CQT), Hummingbird Governance Token (HBOT), IAGON (IAG), Dai (DAI), GeroWallet (GERO), Card Starter (CARDS), Saddle DAO (SDL) and Charli3 (C3) tokens have been stolen from the WBTC bridge.
The attackers withdrew the tokens in an unusual manner, withdrawing each token in nearly equivalent denominations. For example, transactions involving exactly 202,440.725413 USDC were executed more than 200 times.
What is a bridge?
Due to the increasing number of blockchain networks, users often need to move their currencies between different blockchain networks. The problem is that blockchain, by its very nature, prevents this, as these networks are independent.
Bridges are applications that enable transactions between different networks. They connect blockchain of both information and assets between them. They also function as channels for transmitting information and for communication between two networks.
Nomad, specifically, is a bridge that allows token transfers between the Avalanche, Ethereum, Evmos, Milomeda C1, and Moonbeam (GLMR) networks. This theft also affected the Moonbeam platform, as its native token was one of the targets of the exploit . Moonbeam was forced to undergo maintenance due to the incident, described as a "security breach."
Sep 14, 2025
