Israel Arrests Nomad Bridge Hacker Wanted by US for $190M Crypto Heist
Israeli authorities just handed the US a white-collar trophy—bagging the alleged mastermind behind the $190M Nomad Bridge exploit. Another day, another DeFi ’trustless’ system getting robbed blind.
Law enforcement cuts through crypto anonymity (again): The suspect’s identity remains under wraps, but the arrest proves even blockchain bandits leave breadcrumbs. Maybe next time try a hardware wallet in the Caymans?
Finance jab of the day: Wall Street still charges 2% fees for ’safe’ investments while hackers work commission-free.
What happened in the Nomad exploit?
In August 2022, attackers emptied Nomad’s reserves after discovering that its bridge allowed users to copy and modify a single transaction to claim funds without verification.
Gurevich’s transaction, broadcast to the blockchain, acted like a signal flare, and within minutes, hundreds of onlookers began copying the exploit by altering token amounts and recipient addresses.
A postmortem analysis by Coinbase’s blockchain intelligence team concluded that 90% of the addresses involved in the hack were “copycats,” mimicking the original method with minimal variation.
Altogether, they pulled around $88 million. By the time Nomad froze its systems, only $651 remained in its smart contract wallet. Several of the early wallets in the exploit were reportedly funded through coin mixer Tornado Cash.
Three days later, Gurevich allegedly messaged Nomad’s CTO, James Prestwich, using a fake identity.
He apologized for “amateurishly probing” the protocol, returned about $162,000 in tokens, and demanded a $500,000 reward. When Nomad countered with an offer of 10%, the conversation ended.
Per the Post’s reporting, the U.S. filed an indictment a year later in the Northern District of California, charging Gurevich with eight federal crimes, including money laundering, wire fraud, and computer intrusion.
Because Gurevich was not living in Israel at the time the alleged crimes occurred, he would not have to serve any resulting U.S. sentence in Israel.
For Nomad, which relaunched its bridge in late 2022, the exploit left scars that haven’t fully healed.
Though the company offered a 10% bounty to anyone returning stolen tokens and recovered around $37 million, most of the funds vanished across hundreds of addresses, some tied to known laundering tools.
