Hundreds of potential miners seem to have spent all $190 million of TVL in just a few hours.
The Nomad token appears to have undergone a secure exploit that allowed hackers to systematically withdraw funds over a long series of transactions.
Almost all of the $190.7 million in crypto has been removed, leaving only $651.54 in the wallet, according to decentralized finance (DeFi) tracking platform DeFi Llama.
The first suspicious transaction, possibly the source of the ongoing mining, occurred at 9:32 p.m. UTC when someone managed to dump 100 Wrapped Bitcoin (WBTC) worth around 2.3 million USD.
The problem was with WBTC, Wrapped Ether (WETH), USD Coin (USDC), Frax (FRAX), Covalent Query Token (CQT), Hummingbird Governance Token (HBOT), IAGON (IAG), Dai ( DAI), GeroWallet (GERO) ), Starter Card (CARDS), Saddle DAO (SDL) and Charli3 (C3) taken from.
Nomad is a token bridge that allows the transfer of tokens between Avalanche (AVAX), Ethereum (ETH), Evmos (EVMOS), Milkomeda C1 and Moonbeam (GLMR).
Unlike other mining that became popular in 2022, this event has so far had hundreds of addresses receiving tokens directly from the bridge.
The attack came at the wrong time for the bridge and its seed investors from a fundraising in April. On July 29, the project revealed in a tweet that Coinbase Ventures, OpenSea, and five other major players in the crypto industry participated in a seed fundraiser in April, giving Nomad a level of valuation of $225 million.