Monday’s attack on Nomad indirectly affected Cardano users as the protocol was one of multiple bridges deployed to Milkomeda C1, a layer 2 protocol which allows Ethereum decentralized apps (dApps) to be deployed in the Cardano ecosystem, Milkomeda said.

See related article: More than 300 addresses said to perpetrate Nomad’s US$200 mln exploit

Fast facts

  • “This does not affect the base Milkomeda protocol, but Nomad is one of multiple bridges deployed to Milkomeda so users of Nomad-based assets on Milkomeda & Cardano are affected,” wrote Milkomeda on its official Twitter handle Tuesday after the exploit was discovered.
  • Milkomeda launched its Cardano sidechain, C1 in March this year, which enabled users to send assets back and forth from Cardano and Ethereum. 
  • Cardano-focused Twitter account ADA Whale (@cardano_whale) said a lot of Cardano users are indirectly affected by the attack on Nomad. The user had expressed concerns previously over having cross-chain bridges connected to Milkomeda.
  • The exploit on Nomad resulted from a routine software update on one of Nomad’s smart contracts that allowed users to spoof transactions and drain funds from the bridge, according to Twitter user and researcher at Paradigm, @samczsun.
  • Nomad notified its community via Twitter early morning Wednesday Asia time that it is setting up a recovery address for white hats to send recovered funds while developing an action plan to fix the technical flaw and working with law enforcement to trace and recover the stolen funds.

See related article: Are we helpless against attacks on blockchain bridges?