Evaluating only Nomad Bridge’s profile at its peak — without knowing the outcome — the model ranked Unit economics as the #1 likely cause. Documented cause: Security failure.
Key Events Timeline
FOUNDING
Nomad Bridge founded as a cross-chain messaging and asset transfer protocol
FUNDING
Raised $22.4 million from Coinbase Ventures, OpenSea Ventures, and Ethereal Ventures
FRAUD EXPOSURE
Critical smart contract vulnerability discovered: routine upgrade introduces proof validation bug allowing any message to be considered valid
SHUTDOWN
Bridge exploited for $190 million in 'crowd hack' within two hours; thousands of copycat transactions drain the protocol after exploit goes public on Twitter
Full Analysis
Free · no account needed
Documented cause
Nomad Bridge was a cross-chain messaging and asset transfer protocol backed by $22.4 million from Coinbase Ventures, OpenSea Ventures, and Ethereal Ventures. On August 2, 2022, a routine upgrade to the bridge's smart contract introduced a critical vulnerability: a proof validation bug that allowed any message to be considered valid. The first attacker noticed this and exploited it for $2.3 million. Within minutes, the exploit was public on Twitter, and thousands of copycat transactions began draining the bridge simultaneously — creating what security researchers called a 'crowd hack' or 'frenzied free-for-all.' The total damage was approximately $190 million drained in under two hours. Because any message was treated as valid, exploiters simply needed to copy-paste the original exploit transaction and change the destination address.
Lesson
“A routine upgrade that introduces a validation bypass in a contract holding $190 million is not a routine upgrade. The bigger the bridge, the more consequential every change — and the more a security audit is not optional.”