← All incidents

Nomad bridge

A $190M loss on Ethereum in 2022, caused by a cross-chain bridge flaw. Here's what happened, the vulnerability class behind it, and where it stands in ProveWall's re-proof pipeline.

Loss$190M
Year2022
ChainEthereum
Vulnerability classCross-chain bridge
Mechanismmessage-verification init flaw
◷ In the ProveWall re-proof queue
We have not yet re-executed this exploit on a forked chain. When we do, this page will show a signed, independently replayable receipt — the exploit moving value, and the patched control resisting. Until then this is a factual incident summary, not a proof. No proof, no finding.

What this class of bug is

Bridge flaws break the link between a deposit on one chain and a mint/release on another — a bad message check or init bug lets an attacker unlock funds that were never locked.

How to read this page. The dollar figure is the publicly reported loss attributed to this incident. A ProveWall re-proof reproduces the vulnerability class/mechanism by execution on a forked chain, with a signed receipt — we say so explicitly only once that execution has passed.

Other cross-chain bridge exploits

Same vulnerability class, re-proven or queued on the wall: Qubit bridge

Want your own contract actually proven — not guessed?

Static tools and LLM auditors ask "is there a check here?" and miss the check that exists but is wrong. OmniGuard Labs runs the exploit on a forked chain and sends you a signed pass/fail receipt. Request a proof-backed audit →