Israel arrests suspect wanted by U.S. for Nomad Bridge hacking

Alexander Gurevich, a dual US-Israeli citizen, has been arrested in Jerusalem by Israeli police for his alleged involvement in the August 2022 Nomad Bridge hack, where around $190 million in cryptocurrencies were stolen. In addition, the authorities have initiated legal proceedings, to extradite Gurevich to the United States.

The attack on Nomad Bridge happened due to the exploitation of a vulnerability introduced in an update of the smart contract Replica, which was supposed to verify message checks before releasing any funds, but the configuration error allowed accepting any message with a correct root hash, even if the aforementioned previous check was invalid. This bug triggered massive looting by hundreds of attackers who simply copied and pasted a specific transaction format. As a result, more than $190 million in various cryptocurrency tokens were extracted.

Although Gurevich is not believed to have developed the exploit code, authorities believe he would have played a central role in laundering the stolen funds. His wallets received stolen assets within hours of the initial attack, suggesting coordination with the first attackers. Techniques such as chain-hopping were allegedly used to move the stolen tokens across multiple blockchains, the origin of the funds was concealed and conversion to other cryptocurrencies used to increase user privacy. Offshore accounts were also employed to hide the origin of the funds and convert them to cash.

Despite these efforts to conceal the transactions, blockchain analysis was able to trace the activity and link it to Gurevich, which led to his arrest. In addition, it was discovered that Gurevich contacted Nomad Bridge's CTO after the attack, confessing to having been looking for weaknesses in the platform and demanding a $500,000 bounty, reinforcing his direct involvement in the events.