Alexander Gurevich, a dual Russian-Israeli citizen from Bat Yam, is at the center of an international cybercrime scandal after his arrest at Ben-Gurion Airport last week.
Gurevich, 47, is accused of masterminding the 2022 Nomad Bridge hack, one of the most significant exploits in decentralized finance (DeFi) history, which resulted in nearly $190 million in digital asset losses and threatened the collapse of a major California-based blockchain firm.
Arrest and Attempted Escape
Gurevich was apprehended on May 1 as he attempted to board a flight to Russia using a passport issued under the new name “Alexander Block,” a change he had made only a day earlier.
According to Israeli authorities, he had returned to Israel on April 19 and was soon ordered by Justice Minister Yariv Levin to appear before the Jerusalem District Court for an extradition hearing.
Instead, Gurevich allegedly sought to evade prosecution by fleeing the country under a false identity.
The Nomad Bridge Exploit: Technical Breakdown
The case centers on the August 1, 2022, breach of the Nomad Bridge, a cross-chain protocol enabling asset transfers between blockchains such as Ethereum and Moonbeam.
Nomad’s architecture relies on both on-chain smart contracts and off-chain agents called Updaters to validate cross-chain messages.
A critical vulnerability emerged when an upgrade initialized the value of trusted roots to 0x00-The same value is used for untrusted roots.
This oversight meant that any message with a root value of 0x00 would be automatically validated as legitimate.
Attackers, including Gurevich, exploited this by crafting transactions with the 0x00 root and invoking the process() function directly on the Replica contract.
The contract’s logic failed to distinguish between trusted and untrusted messages, allowing anyone to submit fraudulent transactions and siphon funds from the bridge.
Gurevich allegedly withdrew approximately $2.89 million in tokens before the vulnerability became public, after which a wave of copycat attacks drained the remaining assets, bringing total losses to an estimated $186 million.
Key Smart Contract Functions Involved
process(): Allowed direct processing of messages without adequate validation.acceptableRoot(): ReturnedTruefor a null root due to the upgrade, bypassing security checks.messages[_messageHash]: Uninitialized entries defaulted to null, enabling unauthorized message processing.
Extortion Attempt and International Fallout
Following the hack, Gurevich reportedly contacted Nomad’s Chief Technology Officer, James Prestwich, via the encrypted messaging app Telegram.
Using a false identity, he admitted to “amateurishly” probing Nomad’s system and apologized for the breach.
He returned approximately $162,000 in stolen tokens but demanded a $500,000 reward for revealing the vulnerability.
When Nomad countered with an offer of 10% of the stolen amount, Gurevich ceased communication, prompting the FBI’s San Francisco field office to launch a criminal investigation.
Legal Proceedings and Extradition
US federal prosecutors filed an eight-count indictment against Gurevich in August 2023, including charges of wire fraud, money laundering, and transportation of stolen property.
The most serious offenses carry penalties of up to 20 years in prison.
The US formally requested his extradition in December 2024.
Israeli authorities, citing the severity of the charges and the international ramifications, have petitioned the Jerusalem District Court to declare Gurevich extraditable.
He remains in custody, represented by the Public Defender’s Office, as extradition proceedings continue.
Broader Implications
The Nomad Bridge hack underscores the critical importance of rigorous smart contract auditing and highlights the growing sophistication of cybercriminals targeting DeFi platforms.
The case also demonstrates the challenges authorities face in prosecuting cross-border crypto crimes, especially as suspects employ advanced laundering techniques and exploit legal loopholes.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant updates
%20(1).webp?w=1200&resize=1200,0&ssl=1&description=Alexander Gurevich, a dual Russian-Israeli citizen from Bat Yam, is at the center of an international cybercrime scandal after his arrest at Ben-Gurion Airport last week.){kind=link}