Cyber Threat Actor: Nomad
| Actor Type | Location | Known Incidents |
Criminal
|
United States of America
|
1 incident |
|---|
Profile
Nomad is a threat actor known by the alias Nomad and is associated with the United States of America based on publicly available information. The actor came to prominence through a single, well‑documented incident involving the Nomad Bridge, a cross‑chain decentralized finance protocol, which suffered a major security breach on August 1 2022. In that event, attackers exploited a vulnerability introduced in a recent smart contract update, allowing them to spoof transaction verifications and execute a copy‑paste style attack that enabled the fraudulent withdrawal of assets across multiple chains. The breach resulted in estimated losses of approximately $190 million, marking one of the largest decentralized finance exploits to date and underscoring systemic risks inherent in cross‑chain bridge infrastructure.
From the reported incident, the actor’s targeting can be inferred to focus on the decentralized finance sector, specifically protocols that facilitate asset transfers between different blockchain networks. The strategic objective demonstrated in the Nomad Bridge breach was financial gain, as the exploit directly facilitated the unauthorized extraction of funds. The observed tactics, techniques, and procedures include the exploitation of smart contract vulnerabilities, the spoofing of transaction verification mechanisms, and the use of a copy‑paste approach to replicate the attack rapidly once the initial flaw was identified. No specific malware families, initial access vectors, or tooling styles beyond these contract‑level manipulations are described in the available sources. Public attribution has not linked Nomad to any state sponsor, criminal consortium, or other affiliations, and no additional campaigns or operations have been publicly reported beyond the Nomad Bridge incident. This profile reflects only the facts explicitly presented in the provided context.
