Nomad Bridge Hacker Arrested in Israel Over $190M Crypto Exploit

Alexander Gurevich, an American-Israeli dual citizen, was detained in Israel and now faces extradition to the United States.

Gurevich, a dual Russian-Israeli citizen, has been arrested in Israel for his alleged involvement in the $190 million Nomad Bridge hack that occurred in August 2022. The arrest was made at Ben Gurion Airport while Gurevich was attempting to flee to Russia under a new identity, having legally changed his name to “Alexander Block” just days prior.

“He fits the profile of a crypto-native threat actor: skilled in smart contract exploitation but ultimately undone by poor opsec,” said Peter Kacherginsky, a blockchain security expert and formerly of Coinbase’s Unit 0x security team, on X in reaction to Gurevich’s arrest.

The Nomad Bridge exploit remains one of the most remarkable and chaotic hacks in decentralized finance (DeFi) history. On August 1, 2022, attackers took advantage of a critical vulnerability in a Nomad smart contract — a verification bug introduced in a routine code update that allowed messages with invalid proofs to be accepted as valid.

This misconfiguration in the bridge’s process() function caused the contract to accept any message with the correct root hash, regardless of whether the proof was legitimate. Once one user figured out the exploit, believed to be Gurevich, it was rapidly copied and pasted by hundreds of wallets in a type of “mob attack,” turning a targeted hack into an opportunistic frenzy.

It has been reported that US prosecutors are accusing Gurevich of being the first to exploit the weakness in Nomad’s smart contracts. This eventually led to the exploit of $190 million, which was mostly in USDC stablecoin and wrapped versions of Bitcoin and Ethereum.

The accusations are based on a series of Telegram messages Gurevich sent to the Nomad team. He allegedly requested a US$500,000 bounty for identifying the vulnerabilities in Nomad’s smart contracts that allowed them to be exploited.

According to publicly available court filings and law enforcement statements, Gurevich worked with others to conduct the exploit and launder the funds. The funds are alleged to have been laundered through a complex web of privacy coins, mixers, and offshore financial entities.

US prosecutors say Gurevich managed to siphon US$2.89 million from Nomad Bridge. The rest of the US$190 million is believed to have been lost to the copycats who joined in a free-for-all to steal as much money as they could.

Blockchain intelligence firm TRM Labs reported that Gurevich used a ‘classic mixer stack’. He moved assets through Tornado Cash on Ethereum, then converted ETH to privacy coins such as Monero (XMR) and Dash (DASH). The privacy-centric assets were then routed through Defi tools — non-custodial exchanges and decentralized liquidity pools — Before cashing out via over-the-counter (OTC) and offshore bank accounts. The offshore bank accounts were often linked to shell companies registered in jurisdictions with ‘loose’ regulations.

It is also suggested that Gurevich leveraged Virtual Asset Service Providers (VASPs) platforms with weak Know Your Customer (KYC) standards to convert crypto into fiat. He also allegedly used peer-to-peer (P2P) platforms in jurisdictions with limited enforcement capacity.

The successful arrest and extradition of a key figure in the Nomad Bridge exploit signal that pseudo-anonymity is no guarantee of impunity in the crypto space. Through global cooperation, data-driven investigations, and increasingly sophisticated blockchain intelligence, law enforcement agencies are closing the gap on illicit actors.