Nomad Token Bridge has released a reopening guide after fixing a contract vulnerability that led to a $190 million exploit in August. According to a Dec. 7 blog post, the Nomad protocol will allow users to bridge back madAssets and access a pro-rata share of recovered funds.
A redesign of the token bridge was also implemented, the company explained, and without this redesign, “the first person to bridge back madAssets would receive a legitimate token on a one-to-one basis until there were no legitimate tokens left.” ‘ explained.
To circumvent this first-come, first-served approach, the team implemented a protocol change to allow users to bridge back and access a pro-rata share of the recovered funds, ensuring that the tokens accessed from the bridge back were the original tokens. We have confirmed that the token will provide a mechanism for affected users to access recovered funds in the future. The company said:
“Given the scope of these changes, a full audit of the smart contract has been completed and an additional re-review of the amendments by the auditor.”
Users looking to access their recovered funds will need to complete Know Your Customer and Anti-Money Laundering verification processes and link their wallet addresses to their CoinList accounts, the blog post said.
Related: Half of all DeFi exploits are crossbridge hacks
After successfully completing the first step, users will be able to bridge back their madAssets to Ethereum and receive a unique, non-fungible token that describes the type and amount of assets that can be bridged back. NFT grants access to a portion of the bridge assets equal to the percentage recovered.
As Cointelegraph previously reported, malicious actors discovered a security loophole in Nomad’s smart contracts in August that allowed them to withdraw funds via questionable transactions. Coinbase’s analysis then revealed that hundreds of copycats had joined the hacker, copying the same code but changing the recipient’s address, token amount, and target his token.
Nomad is a bridge that allows the transfer of tokens between Avalanche, Ethereum, Evmos, Milkomeda C1 and Moonbeam. As of August, only 20% of the stolen funds, or about $37 million, had been recovered. The company’s official website still asks the white hats to return the tokens.