Hacker behind $190m DeFi exploit from 2022 arrested in Israel

The Nomad bridge hacker faces extradition to the US. Illustration: Gwen P; Source: Shutterstock
  • Alleged DeFi exploiter arrested in Israel.
  • Authorities are planning to extradite him to the US.
  • He faces charges of money laundering and computer-related offences.

Last week, Israeli police arrested a hacker suspected of being involved in the exploit that drained $190 million in cryptocurrency from Nomad, leading to the collapse of the crypto bridge protocol.

According to reporting by The Jerusalem Post, Alexander Gurevich, the suspected hacker, was nabbed at the Ben Gurion Airport in Tel Aviv. Gurevich, a dual Russian-Israeli citizen, attempted to travel to Russia using documents bearing a different name at the time of his arrest.

“He fits the profile of a crypto-native threat actor: skilled in smart contract exploitation but ultimately undone by poor opsec,” Peter Kacherginsky, a blockchain security expert and formerly of Coinbase’s Unit 0x security team, said on X in reaction to Gurevich’s arrest.

Israeli authorities are now arranging Gurevich’s extradition to the US, where he faces money laundering and computer-related offences.

The report said US prosecutors accused Gurevich of being the first to exploit the weakness in Nomad’s smart contracts, leading to the $190 million exploit, which was mostly in USDC stablecoin and wrapped versions of Bitcoin and Ethereum.

That allegation is based on Gurevich’s alleged admission to the Nomad team in a series of Telegram messages. He even supposedly requested a $500,000 bounty for identifying the vulnerability that allowed an attacker to spoof Nomad’s smart contracts with invalid transactions to withdraw funds from the protocol.

It’s not uncommon for crypto exploiters to demand a percentage of their loot as a bounty from the affected protocol. The agreement is usually one that involves a return of the rest of the exploited funds in exchange for forgoing any law enforcement action against the attacker.

Most hackers have ignored such arrangements, except for a few notable exceptions. Last May, a hacker who stole $72 million from a Bitcoin whale negotiated to keep 10% of the syphoned funds while returning the rest.

US prosecutors accused Gurevich of syphoning $2.89 million in cryptocurrency from Nomad in August 2022.

But Nomad lost $190 million in the attack. So, who’s responsible for the rest of the attack?

The answer: a mob of copycats who joined the frenzy once the exploit was detected, turning one hacker’s breach into a DeFi free-for-all.

“This is why the hack was so chaotic ― you didn’t need to know about Solidity or Merkle Trees or anything like that,” Samczsun, a prominent pseudonymous blockchain researcher, said at the time of the exploit. “All you had to do was find a transaction that worked, find/replace the other person’s address with yours, and then re-broadcast it.”

Onchain data from the exploit reported by Coinbase revealed 88 unique wallet addresses identified as copycats, and they were responsible for removing $88 million from the bridge. Other participants in the free-for-all exploit used different methods from Gurevich’s but ultimately exploited the same vulnerability to extract funds from Nomad.

Some participants ultimately turned out to be whitehats, so-called ethical hackers, who act to mitigate against bad actors or blackhats. These whitehats returned the funds they withdrew from Nomad during the attack.

Osato Avan-Nomayo is our Nigeria-based DeFi correspondent. He covers DeFi and tech. Got a tip? Please contact him at osato@dlnews.com
