Almost three years after one of many largest DeFi exploits in historical past, authorities have arrested a key suspect within the $190 million Nomad Bridge hack.
Alexander Gurevich, an American-Israeli twin citizen, was detained in Israel and now faces extradition to the USA.
Arrest of Nomad Bridge Hack Suspect
Gurevich, a twin Russian-Israeli citizen, has been arrested in Israel for his alleged involvement within the $190 million Nomad Bridge hack that occurred in August 2022. The arrest was made at Ben Gurion Airport whereas Gurevich was trying to flee to Russia underneath a brand new identification, having legally modified his title to “Alexander Block” simply days prior.
“He matches the profile of a crypto-native risk actor: expert in good contract exploitation however finally undone by poor opsec,” stated Peter Kacherginsky, a blockchain safety professional and previously of Coinbase’s Unit 0x safety group, on X in reaction to Gurevich’s arrest.
Particulars of the 2022 Nomad Bridge Exploit
The Nomad Bridge exploit stays one of the exceptional and chaotic hacks in decentralized finance (DeFi) historical past. On August 1, 2022, attackers took benefit of a vital vulnerability in a Nomad good contract — a verification bug launched in a routine code replace that allowed messages with invalid proofs to be accepted as legitimate.
This misconfiguration within the bridge’s course of() perform brought on the contract to just accept any message with the proper root hash, no matter whether or not the proof was reputable. As soon as one consumer found out the exploit, believed to be Gurevich, it was quickly copied and pasted by a whole lot of wallets in a kind of “mob assault,” turning a focused hack into an opportunistic frenzy.
Gurevich’s Alleged Actions and Tried Escape
It has been reported that US prosecutors are accusing Gurevich of being the primary to use the weak spot in Nomad’s good contracts. This finally led to the exploit of $190 million, which was principally in USDC stablecoin and wrapped variations of Bitcoin and Ethereum.
The accusations are primarily based on a collection of Telegram messages Gurevich despatched to the Nomad group. He allegedly requested a US$500,000 bounty for figuring out the vulnerabilities in Nomad’s good contracts that allowed them to be exploited.
In keeping with publicly out there courtroom filings and regulation enforcement statements, Gurevich labored with others to conduct the exploit and launder the funds. The funds are alleged to have been laundered by a posh net of privateness cash, mixers, and offshore monetary entities.
US prosecutors say Gurevich managed to siphon US$2.89 million from Nomad Bridge. The remainder of the US$190 million is believed to have been misplaced to the copycats who joined in a free-for-all to steal as a lot cash as they may.
Blockchain intelligence firm TRM Labs reported that Gurevich used a ‘basic mixer stack’. He moved property by Twister Money on Ethereum, then transformed ETH to privateness cash comparable to Monero (XMR) and Dash (DASH). The privacy-centric property had been then routed by Defi instruments — non-custodial exchanges and decentralized liquidity swimming pools — Earlier than cashing out through over-the-counter (OTC) and offshore financial institution accounts. The offshore financial institution accounts had been usually linked to shell corporations registered in jurisdictions with ‘free’ laws.
Additionally it is urged that Gurevich leveraged Digital Asset Service Suppliers (VASPs) platforms with weak Know Your Buyer (KYC) requirements to transform crypto into fiat. He additionally allegedly used peer-to-peer (P2P) platforms in jurisdictions with restricted enforcement capability.
Implications for DeFi Safety and Authorized Precedents
The profitable arrest and extradition of a key determine within the Nomad Bridge exploit sign that pseudo-anonymity isn’t any assure of impunity within the crypto house. By international cooperation, data-driven investigations, and more and more subtle blockchain intelligence, regulation enforcement businesses are closing the hole on illicit actors.
Aditya Das Aditya Das Read More
