Russian-Israeli Citizen Arrested for $190M Nomad Bridge Hack

Alexander GurevichGURE--, a dual Russian-Israeli citizen, was arrested last week at Ben Gurion Airport in Tel Aviv while attempting to flee to Russia using a passport with an altered name. Gurevich is accused of playing a pivotal role in the 2022 NomadNOMD-- bridge hack, which resulted in the theft of $190 million in cryptocurrency. This incident led to the collapse of the crypto bridge protocol.

According to US prosecutors, Gurevich was the first to exploit a vulnerability in Nomad’s smart contracts, siphoning $2.89 million in cryptocurrency during the August 2022 attack. The hack was unusual because, after Gurevich’s initial exploit, numerous copycat attackers quickly replicated the exploit, leading to the majority of the $190 million loss. Blockchain researcher Samczsun explained that the hack was chaotic because it did not require specialized knowledge; attackers only needed to find a successful transaction, replace the recipient's address with their own, and re-broadcast it.

Gurevich’s attempt to flee was thwarted when authorities arrested him on May 1 while he waited to board a flight to Russia. The US had submitted a formal extradition request in December 2024. Israeli authorities are now arranging for his extradition to the United States, where he will face money laundering and computer-related charges that could carry up to 20 years in prison.

Gurevich returned to Israel from an overseas trip on April 19 and was ordered to appear before the Jerusalem District Court for an extradition hearing. On April 29, he changed his name in Israel’s Population Registry to “Alexander Block” and received a passport under this new name at Ben-Gurion Airport the next day.

Following the hack, Gurevich allegedly contacted Nomad’s chief technology officer, James Prestwich, via Telegram using a fake identity. He admitted to “amateurishly” seeking a crypto protocol to exploit and apologized for the trouble he caused. He also voluntarily transferred about $162,000 into a recovery wallet set up by the company. Prestwich reportedly offered Gurevich 10% of the value of the assets he had stolen as a reward, but Gurevich responded that he would consult his lawyer and never contacted Nomad again. At some point during negotiations, Gurevich demanded a $500,000 bounty for identifying the vulnerability, a practice not uncommon in the crypto world where exploiters sometimes negotiate to keep a percentage of stolen funds in exchange for returning the rest.

US federal authorities filed an eight-count indictment against Gurevich in the Northern District of California on August 16, 2023, and obtained a warrant for his arrest at that time. The arrest of Gurevich marks a significant development in the ongoing efforts to combat cybercrime and hold those responsible for large-scale cryptocurrency thefts accountable. The case highlights the complexities and challenges of extradition processes and the international cooperation required to bring cybercriminals to justice.