Several cryptocurrency and forensics experts have taken to Twitter to explain the happenings. The article attempts to summarize the information:

Currently, there are 18 million dollars left in the contract, which will probably be drained in the next few hours.

1. Looking at the transactions that have interacted with the contract, we can see that all of these exploits have one thing in common, they call the `process()` function in the Nomad ERC20 Bridge Contract.

2. Now, the process function is as follows: - It checks that the domain of the message is correct(ie a transaction signed for Evmos is meant for Evmos) - It checks that the message has been proven by the prover - It calls the handler to do what the message wants(ie bridge tokens).

3. Unfortunately, if you try to replay the same contract call the execution will be reverted. Why? You shouldn't be able to withdraw something twice. The bridge seems to allow the user to pass in an arbitrary amount when they withdraw that does not necessarily correlate with the amount they deposited into nomad on the other chain.

Case Study of the Nomad Bridge Hack

1. Nomad works in 2 steps:

• User sends token from X chain

• User processes token withdrawal on Y chain. In this step 2, the bridge seems to allow the user to pass in an arbitrary amount.

2. User sends 0.2 WETH from Moonbeam to Ethereum. In event 2, a message is

generated which is passed to the processor contract on the Ethereum side.

3. Nomad uses a bytes processing library to simplify dealing with raw bytes. They do

not validate the message body when receiving a payload and instead accept any input from the user.

4. The exploit points to the processor contract not validating the received message

payload. However, it seems like some generalized MEV frontrunning bots were able

to replay the old attacks and withdraw massive amounts of WETH/WBTC.

Solutions to the Nomad Bridge Hack (Affected Users)

What should I do after the nomad hack? Here is what you should do to prevent further losses.

1. If you have any funds in @nomadxyz_, @EvmosOrg, @MoonbeamNetwork or @milkomeda_com.

2. You need to swap out of nomad assets and use a different bridge to bridge back to Ethereum or another chain asap.

3. Nomad has been chosen as the canonical bridge for @EvmosOrg, @MoonbeamNetwork , and @milkomeda_com.Therefore, you need to get all of your assets off these chains immediately.

4. Nomad has also paused the relayer and is trying to censor all bridging transactions using the watcher, however, this is likely little help since the exploit was on the contract side and not on the infra side.

If you have any more info about the hack, please comment below or share a link. We want this to be a good outcome for everyone(except the hackers).

Article credits to engineers @samczsun, @0xmagnetized, and @ParadigmEng420 give full information about the happenings.