The cross-chain messaging protocol, Nomad, which suffered a $190 million exploit in August, is gearing up for a relaunch and plans to offer partial reimbursements to the impacted users.
In a recent update on their blog, the team behind the Nomad protocol revealed that they have enhanced the system to address the vulnerability that led to the breach. This enhancement will enable users to transition their madAssets back and claim a proportionate amount of the retrieved funds.
Furthermore, the team highlighted a revamp of the token bridge. They noted that the early users who transition their madAssets back will be granted canonical tokens on a 1:1 ratio until the supply of canonical tokens is exhausted.
The Nomad team has introduced several protocol modifications to address the aftermath of the exploit. These changes enable users to revert their assets and claim a proportionate slice of the recovered funds. They also ensure that tokens received from this process match the original tokens and have established a system for affected users to claim any additional recovered funds in the future.
Emphasizing the importance of transparency and safety, the team stated, “In light of the extensive changes, we undertook a comprehensive audit of our smart contracts, followed by a re-evaluation of any rectifications in collaboration with our auditors. We anticipate releasing a summary of this audit for public perusal in the forthcoming weeks.”
Additionally, for those seeking reimbursements, a mandatory step has been introduced: users are required to undergo the Know Your Customer (KYC) verification through CoinList. Nomad emphasizes that this procedure is pivotal to ensure that the reimbursement process aligns with regulatory compliance standards.
After completing the required KYC process, users will be awarded an NFT that represents their proportional entitlement of the reclaimed funds on the Ethereum network. Importantly, these NFTs cannot be transferred, serving as a receipt for users to claim any further recuperated funds in the future.
To provide context, Nomad is a protocol designed to facilitate the transfer of tokens across various blockchains. Earlier this year, it suffered a significant setback when malevolent actors exploited a vulnerability, siphoning off approximately $190 million.
Sam Sun, the Head of Security at Paradigm, shed light on the technicalities behind the exploit. The vulnerability was due to an oversight by the Nomad team when “the trusted root was set to 0x00” during an update. This seemingly minor error caused every message to be treated as valid.
Explaining the gravity and simplicity of the breach, Sun said, “The hack’s extent was magnified by its simplicity. Knowledge of advanced concepts like Solidity or Merkle Trees wasn’t necessary. An attacker merely had to identify a functional transaction, swap out the original user’s address with their own, and then broadcast it.”
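The failure mode Sun describes can be reproduced in a simplified model, added here as an illustration and not taken from Nomad's contracts or the original reporting. It assumes that a message which was never proven maps to a zero root by default, so trusting the zero root makes the "never proven" state indistinguishable from "proven"; the class and function names, the SHA-256 tree and the sample messages are all constructed.

```python
import hashlib

ZERO_ROOT = bytes(32)  # value a lookup yields for a message that was never proven

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def fold_proof(leaf: bytes, siblings, index: int) -> bytes:
    """Recompute a Merkle root from a leaf hash and its sibling path."""
    node = leaf
    for sib in siblings:
        node = h(sib + node) if index & 1 else h(node + sib)
        index >>= 1
    return node

class Replica:
    """Simplified model of a bridge's receiving contract (constructed)."""
    def __init__(self, initial_root: bytes, hardened: bool):
        self.confirm_at = {initial_root: 1}  # root -> nonzero once trusted
        self.messages = {}                   # message hash -> root it was proven under
        self.hardened = hardened

    def acceptable_root(self, root: bytes) -> bool:
        if self.hardened and root == ZERO_ROOT:
            return False  # the "never proven" default must not count as a root
        return self.confirm_at.get(root, 0) != 0

    def prove(self, message: bytes, siblings, index: int) -> bool:
        root = fold_proof(h(message), siblings, index)
        if not self.acceptable_root(root):
            return False
        self.messages[h(message)] = root
        return True

    def process(self, message: bytes) -> bool:
        root = self.messages.get(h(message), ZERO_ROOT)  # unproven -> ZERO_ROOT
        return self.acceptable_root(root)

def demo() -> dict:
    leaves = [h(b"msg-a"), h(b"msg-b")]  # constructed sample messages
    good_root = h(leaves[0] + leaves[1])
    cases = {"correct_init": (good_root, False), "zero_init": (ZERO_ROOT, False),
             "zero_init_hardened": (ZERO_ROOT, True)}
    out = {}
    for name, (root, hardened) in cases.items():
        r = Replica(root, hardened)
        proven = r.prove(b"msg-a", [leaves[1]], 0) and r.process(b"msg-a")
        out[name] = {"unproven_accepted": r.process(b"never-proven"), "proven_accepted": proven}
    return out
```

Calling `demo()` shows that with a zero initial root the unhardened model accepts a message that was never proven while rejecting a correctly proven one, and that refusing the zero value as a root closes the gap even when initialization is wrong.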