Nomad Bridge
2022-08-02 • Rekt
Rekt reported that the Nomad Bridge lost about $190 million after a June upgrade left the Replica contract initialized with a trusted 0x00 root. The flaw let attackers call process() without proving message validity, and copycats could repeat the transaction through Etherscan by swapping in their own addresses. The incident unfolded as a crowd exploit with whitehat claims, MEV bot activity, and several large exploiter wallets, while affected ecosystems such as Moonbeam, EVMOS, and Milkomeda lost substantial TVL. The article briefly compares the bridge-risk pattern with Harmony's earlier $100 million loss linked to Lazarus, but it does not attribute the Nomad theft to Lazarus.
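
A simplified Python model of the root check described above, added here as an illustration and not taken from the Rekt article or from Nomad's contract code. It assumes that looking up a never-proven message yields the all-zero default root, as an unset Solidity mapping does; the class, method and parameter names are hypothetical.

```python
ZERO_ROOT = b"\x00" * 32  # the default value an unset bytes32 mapping entry reads as


class ReplicaModel:
    """Toy model of a bridge replica that accepts messages proven under a trusted root."""

    def __init__(self, committed_root, reject_zero_root=False):
        # Initialization marks the committed root as trusted (nonzero confirmation time).
        self.confirm_at = {committed_root: 1}
        self.messages = {}  # message hash -> root the message was proven under
        self.reject_zero_root = reject_zero_root  # hardened behaviour when True

    def prove(self, message_hash, root):
        # Stands in for Merkle proof verification; records the proven root.
        self.messages[message_hash] = root

    def acceptable_root(self, root):
        if self.reject_zero_root and root == ZERO_ROOT:
            return False  # "no proof recorded" must never count as a trusted root
        return self.confirm_at.get(root, 0) != 0

    def process(self, message_hash):
        # A message that was never proven reads back as ZERO_ROOT.
        root = self.messages.get(message_hash, ZERO_ROOT)
        return self.acceptable_root(root)


def unproven_message_accepted(replica):
    """Post-upgrade invariant check: a never-proven message must be rejected."""
    constructed_hash = b"\x11" * 32  # constructed sample value, never passed to prove()
    return replica.process(constructed_hash)


if __name__ == "__main__":
    flawed = ReplicaModel(committed_root=ZERO_ROOT)
    hardened = ReplicaModel(committed_root=ZERO_ROOT, reject_zero_root=True)
    print("flawed init accepts unproven message:", unproven_message_accepted(flawed))
    print("hardened check accepts unproven message:", unproven_message_accepted(hardened))
```

Running `unproven_message_accepted` against a freshly initialized deployment in a test suite is the kind of invariant that would flag a trusted zero root before an upgrade ships.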