The Nomad token bridge announced its relaunch guide after fixing the contract vulnerability that led to a $190 million exploit in August. According to a blog post from Dec. 7, the Nomad protocol will allow users to bridge back madAssets and access a pro-rata share of recovered funds.
A redesign for the token bridge was also implemented by the Nomad team, said the company, explaining that without this redesign, the “first people to bridge back their madAssets would receive canonical tokens on a one-to-one basis until there were no canonical tokens left.”
To avoid this first-come, first-serve approach, the team implemented changes in the protocol to give users the ability to bridge back and access a pro-rata share of recovered funds, ensure the tokens accessed from bridging back are in the original token and provide a mechanism for impacted users to access future recovered funds. The company stated:
“Given the scope of these changes, a full audit of the smart contracts was completed along with an additional re-review of any remediations with our auditors.”
Users seeking to access recovered funds must complete a Know Your Customer (KYC) and an Anti-Money Laundering (AML) verification process, as well as linking their wallet addresses to their Coinlist account, noted the blog post.
Users will be able to bridge back madAssets to Ethereum after successfully completing the first step and receive a unique nonfungible token (NFT) that accounts for the type and quantity of assets that can be bridged back. NFT will grant access to a portion of a bridged asset equal to the recovered percentage.
As reported by Cointelegraph, bad actors discovered a security loophole in Nomad’s smart contracts in August, allowing them to extract funds via dubious transactions. A Coinbase analysis later revealed that hundreds of copycats joined the hackers by copying the same code but modifying recipient addresses, token amounts, and target tokens.
Nomad is a token bridge that allows transfers of tokens between Avalanche, Ethereum, Evmos, Milkomeda C1, and Moonbeam chains. As of August, only 20% of the stolen funds, nearly $37 million, had been recovered. The company’s official website still asks white hats to return tokens.