Incident case

Nomad Bridge 2022 message verification exploit

In August 2022, Nomad Bridge was exploited after a message verification flaw made fraudulent withdrawals copyable by many participants. Public reporting commonly describes the loss as roughly $190 million, with partial recovery and unresolved recovery/reimbursement questions.

Reviewed | Current

Incident facts

Incident title: Nomad Bridge 2022 message verification exploit
Bridge: Nomad Bridge
Incident date: 2022-08-01
Incident type: Exploit
Major incident: Yes
Affected chains: Ethereum, Avalanche, Unknown
Affected assets: ETH, USDC, USDT, WBTC
Attack category: Message Verification Failure
Reported loss: $190 million
Recovery: Partial Recovery
Reimbursement: In Progress
Restart: Partially Reopened
Current outcome: Limited After Incident
Resolution: Unresolved
Last reviewed: 2026-06-15
Last verified: 2026-06-15

Timeline events

  • Partial recovery reported (2022-08)

    Nomad documented returned funds and a recovery process intended to make recovered assets available to affected users on a pro-rata basis.

    Partial Recovery Reported | High
  • Nomad exploit disclosed (2022-08-01)

    The Nomad Bridge exploit became public after fraudulent withdrawals were copied by many participants.

    Exploit Disclosed | High
  • Nomad published root-cause analysis (2022-08-05)

    Nomad documented the initialization and message-verification flaw that allowed fraudulent messages to be accepted.

    Root Cause Analysis Published | High
  • Nomad recovery bridge relaunched with restrictions (2022-12-20)

    Affected users could bridge back madAssets and access pro-rata recovered funds, while new canonical-token deposits remained disabled.

    Recovery Bridge Relaunched | High
  • Nomad included in bridge-hack research context (2025-01-06)

    Later cross-chain bridge hack surveys use Nomad as a major reference case for message verification and bridge exploit classification.

    Research Context | Medium

Evidence records

Known unknowns