What happened?
At 5:32 PM Eastern Time (ET) on the 1st of August, the Nomad token bridge was exploited for more than $190 million. The list of projects affected by this attack is really long. It turns out more than 300 wallet addresses were involved in the exploit.
The good news is that most of these wallets were used by white-hat hackers, who saved a lot of assets and sent them back to the Nomad's official recovery address.
You can learn more about the technical details of the exploit on Nomad's medium page - Root Cause Analysis and The Road to Recovery.
How we’re dealing with the situation
Our team is working hard to investigate and verify the funds and trace the hackers' wallets participating in suspicious transactions with $IAG tokens after the bridge exploit.
The Iagon Token Bridge (front end UI), designed to enable the exchange of ERC-20 IAG tokens for native Cardano blockchain tokens and vice versa, shut down after the Nomad exploit. It was powered by the Nomad Protocol and Milkomeda´s sidechain.
$IAG token on Cardano
The $IAG token is available on Ethereum and Cardano blockchains (with a supply of 1 billion in total). Earlier this year, we successfully migrated 50% of the supply (i.e. ±500 million tokens) to Cardano.
Luckily, with the help of the Milkomeda team, assets from the Milkomeda bridge side (CNT $IAG tokens) were removed so they were not affected. This means that the tokens on Cardano are perfectly safe.
Moreover, there are no issues with liquidity and trading on Minswap.
$IAG token on Ethereum
The total number of $IAG ERC20 tokens on the Bridge before the exploit was ± 516 million.
Today, there are 357,590,981.11 $IAG tokens on the official Nomad recovery wallet. Those are the funds returned by the white-hat hackers. Hats off to them. We’re really grateful.
There is also 16,450,356.4042328 $IAG still left locked in the Nomad Bridge contract.
We also found out that 15,154,039.97 $IAG tokens were 'burned' (sent to a dead wallet or an $IAG smart contract).
What’s worth noting, we are closely cooperating with the Bitrue and Gate.io exchanges' teams, examining suspicious transactions in detail. So far, we’ve managed to lock 2 hacker Bitrue accounts with around 6mln $IAG tokens deposited after the exploit. This is still in progress and we are in talks with Gate.io to check some more suspicious wallet addresses.
At this date, more than 76% of ERC20 $IAG tokens affected by the exploit were recovered. However, 120,872,825.76 $IAG tokens are still under review and unaccounted for.
Any ERC20 deposits or withdrawals on Gate.io exchange are halted to prevent black-hat hackers' activity. It also helps to investigate previous actions.
On Bitrue, only ERC20 deposits are paused, but withdrawals are reactivated.
What's next
Iagon’s aim is to become 100% Cardano native. Of course, this is not something that can be achieved in a single day. Our team is tweaking the mechanics and working on the details. Once the works are completed, we will present the results to the community.
CEX Exchanges
We’re planning to resume deposits and withdrawals for Cardano network tokens on Bitrue and Gate.io exchanges as soon as possible. It may take some time, but we’ll get there eventually.
For the time being, deposits and withdrawals for ERC20 tokens remain suspended.
For more information and other updates, please follow us on our social media (links below), or head over to the IAGON Website!
