The Nomad token bridge has announced its relaunch guide after fixing the contract vulnerability that led to a $190 million exploit in August. According to a blog post from Dec. 7, the Nomad protocol will allow users to bridge back madAssets and access a pro-rata share of recovered funds.
A redesign for the token bridge was also implemented, said the company, explaining that without this redesign, the “first people to bridge back their madAssets would receive canonical tokens on a one-to-one basis until there were no canonical tokens left.”
To avoid this first-come, first-serve approach, the team implemented changes in the protocol to give users the ability to bridge back and access a pro-rata share of recovered funds, ensure the tokens accessed from bridging back are in the original token, and provide a mechanism for impacted users to access future recovered funds. The company stated:
“Given the scope of these changes, a full audit of the smart contracts was completed along with an additional re-review of any remediations with our auditors.”
Users seeking to access recovered funds must complete a Know Your Customer and an Anti-Money Laundering verification process, as well as link their wallet addresses to their CoinList account, notes the blog post.
Related: Half of all DeFi exploits are cross-bridge hacks
Users will be able to bridge back madAssets to Ethereum after successfully completing the first step and receive a unique nonfungible token that accounts for the type and quantity of assets that can be bridged back. The NFT will grant access to a portion of a bridged asset equal to the recovered percentage.
As previously reported by Cointelegraph, bad actors discovered a security loophole in Nomad’s smart contracts in August, allowing them to extract funds via dubious transactions. A Coinbase analysis later revealed that hundreds of copycats joined the hackers, copying the same code but modifying recipient addresses, token amounts and target tokens.
Nomad is a bridge that allows transfers of tokens between Avalanche, Ethereum, Evmos, Milkomeda C1 and Moonbeam. As of August, only 20% of the stolen funds, nearly $37 million, had been recovered. The company’s official website still asks white hats to return tokens.