Skip to main content
Sign in
Nomad Bridge1 decision on this page

Audit log

Every state-changing event for Nomad Bridge: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-05-30 18:25:37Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 423,210,460
    sig
    3nfHBgyL7eXM…b2ZzdrS5explorer ↗
    hash
    EhszxAJKAX9B…1vDDQ3KRsha256 → base58
    verifying row…full verify ↗
    canonical bytes (8645 B) ▸
    {"actor":"system:backfill","investigation_id":"36722e1d-f43e-49aa-a454-62e23ca2c6f3","kind":"publish","page_slug":"nomad-bridge","published_at":"2026-05-30T18:25:37.362Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Nomad Bridge","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.classaction.org/news/nomad-crypto-bridge-class-action-says-simple-programmer-mistake-allowed-186m-hack-in-2022","type":"other","url":""},{"credibility":3,"name":"https://www.crunchbase.com/organization/illusory-systems-inc","type":"other","url":""},{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-nomad-hack-august-2022","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-nomad-hack-august-2022","type":"other","url":""},{"credibility":3,"name":"https://medium.com/immunefi/hack-analysis-nomad-bridge-august-2022-5aa63d53814a","type":"other","url":""},{"credibility":3,"name":"https://nomoslabs.io/blog/nomad-bridge-exploit-technical-breakdown-190m-hack","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cloud.google.com/blog/topics/threat-intelligence/dissecting-nomad-bridge-hack","type":"other","url":""},{"credibility":3,"name":"https://www.theblock.co/post/160851/nomads-190-million-bridge-exploit-drew-hacking-feeding-frenzy-of-300-addresses","type":"other","url":""},{"credibility":3,"name":"https://decrypt.co/106459/crypto-bridge-nomad-exploited-190m-frenzied-free-for-all","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cointelegraph.com/news/white-hat-hackers-have-returned-32-6m-worth-of-tokens-to-nomad-bridge","type":"other","url":""},{"credibility":3,"name":"https://www.cnbc.com/2022/08/05/crypto-startup-nomad-offers-10percent-bounty-after-190-million-hack.html","type":"other","url":""},{"credibility":3,"name":"https://www.theregister.com/2025/12/17/nomad_ftc_settlement/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.classaction.org/media/singh-v-illusory-systems-inc-et-al.pdf","type":"other","url":""},{"credibility":3,"name":"https://blockchain.bakermckenzie.com/2024/04/08/u-s-court-dismisses-rico-lawsuit-brought-in-connection-with-nomad-bridge-hack/","type":"other","url":""},{"credibility":3,"name":"https://www.ftc.gov/news-events/news/press-releases/2025/12/ftc-will-require-illusory-systems-return-money-stolen-hackers-implement-information-security-program","type":"other","url":""},{"credibility":3,"name":"https://www.federalregister.gov/documents/2025/12/19/2025-23407/illusory-systems-inc-analysis-of-proposed-consent-order-to-aid-public-comment","type":"other","url":""},{"credibility":3,"name":"https://www.theregister.com/2025/12/17/nomad_ftc_settlement/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.trmlabs.com/resources/blog/key-suspect-in-190m-nomad-bridge-exploit-extradited-to-the-united-states","type":"other","url":""},{"credibility":3,"name":"https://cryptoslate.com/israeli-authorities-arrest-nomad-bridge-hacker-approve-extradition-to-us/","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/suspect-behind-190-million-nomad-bridge-hack-extradited-us","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://medium.com/immunefi/hack-analysis-nomad-bridge-august-2022-5aa63d53814a","type":"other","url":""},{"credibility":3,"name":"https://www.elliptic.co/blog/analysis/nomad-loses-156-million-in-seventh-major-crypto-bridge-exploit-of-2022","type":"other","url":""},{"credibility":3,"name":"https://cyberscoop.com/ftc-settles-with-illusory-systems-in-2022-cryptocurrency-hack/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cloud.google.com/blog/topics/threat-intelligence/dissecting-nomad-bridge-hack","type":"other","url":""},{"credibility":3,"name":"https://www.elliptic.co/blog/analysis/nomad-loses-156-million-in-seventh-major-crypto-bridge-exploit-of-2022","type":"other","url":""},{"credibility":3,"name":"https://edition.cnn.com/2022/08/03/tech/crypto-bridge-hack-nomad","type":"other","url":""}]}],"sources_used":[],"summary":"Nomad Bridge, operated by Illusory Systems Inc., was a cross-chain asset bridge that suffered a catastrophic $190 million exploit on August 1, 2022, when a routine smart contract upgrade inadvertently initialized trusted Merkle roots to a zero value, rendering all message proofs automatically valid. The vulnerability enabled a widely replicated 'crowd-sourced' draining event involving approximately 300 addresses over roughly 150 minutes — widely regarded as the first 'permissionless' mass-exploitation event in DeFi history. Subsequent actions include a class-action lawsuit, a December 2025 FTC settlement requiring repayment of approximately $37.5 million to affected users, and the 2025 arrest and extradition of a key suspect, Russian-Israeli national Alexander Gurevich.","timeline":[{"date":"2021-11-10","event":"Illusory Systems Inc. incorporated in Delaware; Nomad Bridge protocol development begins under founders Pranay Mohan and James Prestwich.","source":""},{"date":"2022-04-01","event":"Illusory Systems raises $22.4 million in seed funding led by Polychain Capital, with participation from Circle Ventures, Hack VC, Archetype, Breyer Capital, and others.","source":""},{"date":"2022-06-01","event":"A routine upgrade to the Nomad Replica.sol smart contract initializes the trusted Merkle root to 0x00, inadvertently making all message proofs automatically valid. The vulnerability goes undetected.","source":""},{"date":"2022-08-01","event":"An initial attacker discovers the zero-root vulnerability and drains 100 WBTC. Within minutes, approximately 300 addresses begin copying the exploit transaction, substituting their own recipient addresses. Roughly $190 million is drained over approximately 150 minutes in what analysts describe as the first 'crowd-sourced' DeFi exploit.","source":""},{"date":"2022-08-05","event":"Nomad announces a 10% bounty program, offering to refrain from legal action against exploiters who return 90% of stolen funds, plus a Whitehat NFT. CNBC and major outlets report on the offer.","source":""},{"date":"2022-08-09","event":"White-hat participants have returned approximately $32.6 million in tokens to Nomad's recovery address, representing early partial recovery.","source":""},{"date":"2023-02-01","event":"Class-action lawsuit Singh v. Illusory Systems Inc. filed in the U.S. District Court for the District of Delaware, alleging RICO violations including wire fraud and operating an unlicensed money-transmitting business.","source":""},{"date":"2023-08-01","event":"FBI's San Francisco field office files an eight-count federal indictment in the Northern District of California against Alexander Gurevich, a Russian-Israeli dual national, alleging wire fraud, conspiracy, and money laundering in connection with the Nomad exploit.","source":""},{"date":"2024-03-29","event":"U.S. District Court dismisses RICO claims in the Singh v. Illusory Systems class-action lawsuit.","source":""},{"date":"2024-12-01","event":"The United States formally submits an extradition request to Israel for Alexander Gurevich.","source":""},{"date":"2025-04-19","event":"Alexander Gurevich re-enters Israel during Passover holiday and is summoned for an extradition hearing. He ignores the summons and legally changes his name to 'Alexander Block' in Israel's Population Registry.","source":""},{"date":"2025-05-01","event":"Gurevich applies for a new passport under his changed name and attempts to board a flight to Russia. Israeli police, coordinating with the DOJ, FBI, and Interpol, arrest him at the airport. Israeli authorities approve extradition to the United States.","source":""},{"date":"2025-12-16","event":"The FTC announces a proposed settlement with Illusory Systems Inc. requiring the company to repay approximately $37.5 million to affected users, implement a comprehensive security program, and cease misrepresentations about product security.","source":""},{"date":"2025-12-19","event":"The proposed FTC consent order is published in the Federal Register for public comment, with a comment deadline of January 20, 2026.","source":""}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision a3316968-d73a-472b-9c45-defbbef31809
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.