Israel Arrests New Suspect Behind Nomad Bridge $190M Crypto Hack
In a significant development in the ongoing investigation into the Nomad Bridge smart-contract hack, Israeli authorities have arrested a new suspect, American-Israeli national Alexander Gurevich, in connection with the heist that saw over $190 million siphoned from the platform.
Gurevich's arrest was made possible by key information supplied to international law enforcement authorities by blockchain intelligence platform TRM Labs. The firm revealed that Gurevich played a central role in the hack, which is considered one of the largest in DeFi history.
The Nomad Bridge Hack: A Vulnerability Exploited for Millions
In August 2022, attackers exploited a critical vulnerability introduced in an update to Nomad's Replica smart contract. Specifically, a misconfiguration allowed any message with a correct root hash to be accepted, even if the underlying proof was invalid.
Once a single attacker figured out the flaw, the exploit method was quickly picked up by hundreds of other wallets, as it consisted of simply copying and pasting a specific transaction format. This "mob-style" attack led to a chaotic and decentralized looting of the bridge, draining over $190 million in ETH, USDC, WBTC, and ERC-20 tokens.
TRM Labs noted that the vulnerability was very easy to leverage, so even people with no hacking skills or deep blockchain knowledge joined in the exploitation. However, experienced North Korean actors were also implicated.
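The flaw described in this section can be reproduced in a small model. The following Python sketch is an added example, not Nomad's Solidity code or anything published by TRM Labs; `ToyReplica`, `scenario` and the sample messages are constructed for illustration. It relies on a detail from public post-mortems that the article does not spell out: the update marked the all-zero root as trusted, and zero is also what a never-proven message reads back as.

```python
import hashlib

ZERO_ROOT = bytes(32)  # what an unset mapping slot reads back as

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def branch_root(leaf: bytes, proof: list, index: int) -> bytes:
    """Fold a Merkle proof from leaf to root."""
    node = leaf
    for sibling in proof:
        node = h(node + sibling) if index % 2 == 0 else h(sibling + node)
        index //= 2
    return node

class ToyReplica:  # hypothetical model, not Nomad's contract code
    def __init__(self, committed_root: bytes, hardened: bool = False):
        self.confirm_at = {committed_root: 1}  # root -> time it becomes trusted
        self.messages = {}                     # leaf -> root it was proven under
        self.hardened = hardened

    def acceptable_root(self, root: bytes, now: int) -> bool:
        if self.hardened and root == ZERO_ROOT:
            return False  # "never proven" must never count as trusted
        confirmed = self.confirm_at.get(root, 0)
        return confirmed != 0 and now >= confirmed

    def prove(self, leaf: bytes, proof: list, index: int, now: int = 100) -> bool:
        root = branch_root(leaf, proof, index)
        if self.acceptable_root(root, now):
            self.messages[leaf] = root
            return True
        return False

    def process(self, message: bytes, now: int = 100) -> bool:
        # Unproven messages read back the default ZERO_ROOT here.
        return self.acceptable_root(self.messages.get(h(message), ZERO_ROOT), now)

# Constructed sample data: a two-leaf tree holding two legitimate messages.
MSG_A, MSG_B = b"send 1 WBTC to alice", b"send 5 USDC to bob"
REAL_ROOT = h(h(MSG_A) + h(MSG_B))
FORGED = b"send 100 WBTC to mallory"  # never included in any tree

def scenario(committed_root: bytes, hardened: bool) -> tuple:
    """Return (proof accepted, real message processed, forged message processed)."""
    r = ToyReplica(committed_root, hardened)
    proved = r.prove(h(MSG_A), [h(MSG_B)], 0)
    return proved, r.process(MSG_A), r.process(FORGED)
```

`scenario(ZERO_ROOT, False)` returns `(False, True, True)`: the proof step fails, yet both the real and the forged message are processed. An initialization test asserting that `acceptable_root(ZERO_ROOT, now)` is false would flag the misconfiguration before deployment.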
Gurevich's Role in the Hack
According to TRM Labs, Gurevich did not write or initiate the exploit code itself but played a central role in conspiring with others to launder large amounts of funds stolen during the exploit. Wallets linked to Gurevich received stolen assets within hours of the bridge being drained, suggesting close coordination with early attackers.
Gurevich used "chain-hopping" to move the stolen tokens across various blockchains, the Tornado Cash mixer to obfuscate the origin of the funds, and swapped ETH into the privacy-boosting Monero (XMR) and Dash. To cash out the proceeds, he used non-custodial exchanges, OTC brokers, and offshore bank accounts tied to fake or opaque legal entities, and also converted some crypto to fiat through providers with no KYC standards.
Gurevich's Arrest Follows Previous Suspect
Gurevich's arrest follows that of another suspected hacker, a Russian-Israeli citizen named Alexander Gurevich, who was caught on May 1st at Ben Gurion Airport in Tel Aviv using documents under a new name, Alexander Block. According to prosecutors, Gurevich exploited the Nomad bridge flaw and withdrew about $2.89 million in digital tokens.
Investigation Update
Gurevich is believed to have played a central role in the hack, and his arrest marks an important development in the ongoing investigation. The suspect will soon be extradited to the United States as legal procedures have already been approved.
The Nomad bridge hack serves as a reminder of the importance of addressing vulnerabilities in smart-contract platforms and the need for robust security measures to prevent such attacks in the future.