Description
A faulty Merkle root update allowed anyone to prove arbitrary messages, leading to a crowd-sourced drain of $190M from the bridge.
Evidence & References
Affected Protocol
Nomad
Vulnerability Type
merkle root misconfiguration
Date Occurred
2022-08-01
Date Reported
2026-04-21