← Nomad1 decision on this page

Audit log

Every state-changing event for Nomad: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

#1publishby system:backfill
2026-05-20 18:59:01Z
Score: ? → ? (no score change)
anchoranchored
chain
●mainnet-betaslot 421,044,890
sig
4Xv6AZtx2MQQ…vN6G3vZyexplorer ↗
hash
zgXww9yWKjEo…S6SfGJnLsha256 → base58
verifying row…full verify ↗
canonical bytes (8448 B) ▸
{"actor":"system:backfill","investigation_id":"f9e685c5-2870-4b10-914f-b599ddbdbd9c","kind":"publish","page_slug":"nomad","published_at":"2026-05-20T18:59:01.928Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Nomad","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.classaction.org/news/nomad-crypto-bridge-class-action-says-simple-programmer-mistake-allowed-186m-hack-in-2022"},{"credibility":3,"name":"","type":"other","url":"https://www.zellic.io/blog/audit-drift/"},{"credibility":3,"name":"","type":"other","url":"https://medium.com/nomad-xyz-blog/nomad-bridge-hack-root-cause-analysis-875ad2e5aacd"},{"credibility":3,"name":"","type":"other","url":"https://www.crunchbase.com/organization/illusory-systems-inc"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.theblock.co/post/160851/nomads-190-million-bridge-exploit-drew-hacking-feeding-frenzy-of-300-addresses"},{"credibility":3,"name":"","type":"other","url":"https://www.coindesk.com/tech/2022/08/11/copycats-stole-88m-during-nomad-exploit-by-copying-attackers-code-coinbase"},{"credibility":3,"name":"","type":"other","url":"https://techcrunch.com/2022/08/02/nomad-chaotic-exploit-crypto/"},{"credibility":3,"name":"","type":"other","url":"https://edition.cnn.com/2022/08/03/tech/crypto-bridge-hack-nomad"},{"credibility":3,"name":"","type":"other","url":"https://medium.com/immunefi/hack-analysis-nomad-bridge-august-2022-5aa63d53814a"},{"credibility":3,"name":"","type":"other","url":"https://www.halborn.com/blog/post/explained-the-nomad-hack-august-2022"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://cloud.google.com/blog/topics/threat-intelligence/dissecting-nomad-bridge-hack"},{"credibility":3,"name":"","type":"other","url":"https://www.trmlabs.com/resources/blog/key-suspect-in-190m-nomad-bridge-exploit-extradited-to-the-united-states"},{"credibility":3,"name":"","type":"other","url":"https://www.coinbase.com/es-es/blog/nomad-bridge-incident-analysis"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.cnbc.com/2022/08/05/crypto-startup-nomad-offers-10percent-bounty-after-190-million-hack.html"},{"credibility":3,"name":"","type":"other","url":"https://cryptonews.com/news/over-usd-36m-returned-nomad-bridges-fund-recovery-address.htm"},{"credibility":3,"name":"","type":"other","url":"https://blockchain.bakermckenzie.com/2024/04/08/u-s-court-dismisses-rico-lawsuit-brought-in-connection-with-nomad-bridge-hack/"},{"credibility":3,"name":"","type":"other","url":"https://www.theregister.com/2025/12/17/nomad_ftc_settlement/"},{"credibility":3,"name":"","type":"other","url":"https://www.insideprivacy.com/united-states/federal-trade-commission/ftc-announces-10-year-information-security-consent-orders-with-illuminate-education-and-illusory-systems/"},{"credibility":3,"name":"","type":"other","url":"https://www.federalregister.gov/documents/2025/12/19/2025-23407/illusory-systems-inc-analysis-of-proposed-consent-order-to-aid-public-comment"},{"credibility":3,"name":"","type":"other","url":"https://www.bleepingcomputer.com/news/legal/israel-arrests-new-suspect-behind-nomad-bridge-190m-crypto-hack/"},{"credibility":3,"name":"","type":"other","url":"https://www.dlnews.com/articles/defi/hacker-behind-190m-nomad-bridge-exploit-arrested-in-israel/"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.ftc.gov/news-events/news/press-releases/2025/12/ftc-will-require-illusory-systems-return-money-stolen-hackers-implement-information-security-program"},{"credibility":3,"name":"","type":"other","url":"https://medium.com/coinmonks/nomad-bridge-two-years-after-hack-dead-in-the-water-7235bb2d68ba"},{"credibility":3,"name":"","type":"other","url":"https://caselaw.findlaw.com/court/us-dis-crt-d-del/116009637.html"},{"credibility":3,"name":"","type":"other","url":"https://www.zellic.io/blog/audit-drift/"}]}],"sources_used":[],"summary":"Nomad was a cross-chain messaging bridge operated by Illusory Systems, Inc. that suffered one of the largest DeFi exploits in history on August 1–2, 2022, when a smart contract initialization bug allowed approximately $190 million in user funds to be drained in a chaotic free-for-all involving over 300 wallet addresses. The protocol never recovered meaningful user adoption after a December 2022 relaunch, faced a class action lawsuit and an FTC enforcement action, and in December 2025 agreed to a settlement requiring repayment of $37.5 million to affected users.","timeline":[{"date":"2021-11-10","event":"Illusory Systems, Inc. incorporated in Delaware by Pranay Mohan, James Prestwich, and Austin Liau.","source":""},{"date":"2022-05-01","event":"Quantstamp begins security audit of Nomad's smart contract system.","source":""},{"date":"2022-06-09","event":"Quantstamp delivers final audit report identifying 40 issues, including input validation edge cases. Audit team notes the Nomad team misunderstood at least one flagged issue.","source":""},{"date":"2022-06-21","event":"Nomad deploys a routine upgrade to its Replica smart contract that initializes the trusted Merkle root to 0x00, introducing the critical vulnerability. The deployed code differs from the audited version.","source":""},{"date":"2022-08-01","event":"An initial attacker discovers the zero-root initialization bug and begins draining funds from the Nomad bridge by calling the process() function with a zero root and modified recipient addresses.","source":""},{"date":"2022-08-02","event":"Over 300 wallet addresses join the exploit after the initial attacker's transaction calldata becomes visible on-chain. Approximately $190 million in user funds are drained in a chaotic free-for-all. CNN Business, TechCrunch, and CoinDesk report the event contemporaneously.","source":""},{"date":"2022-08-05","event":"Nomad announces a 10 percent bounty program, offering legal immunity and fund retention for any attacker returning at least 90 percent of drained assets.","source":""},{"date":"2022-08-11","event":"Coinbase publishes incident analysis estimating 88 percent of participating addresses were copycats; copycats collectively stole approximately $88 million.","source":""},{"date":"2022-08-20","event":"Over $36 million returned to Nomad's recovery address by more than 40 participating wallets — approximately 19 percent of total stolen funds.","source":""},{"date":"2022-12-01","event":"Nomad relaunches bridge to allow users to withdraw remaining bridged assets. The relaunch attracts negligible user activity and TVL.","source":""},{"date":"2023-01-01","event":"Class action lawsuit Singh v. Illusory Systems, Inc. et al. (1:23-cv-00183, D. Del.) filed by affected users asserting RICO and negligence claims.","source":""},{"date":"2023-08-16","event":"Federal grand jury in the Northern District of California issues an eight-count indictment against Alexander Gurevich for his alleged role in the exploit, including wire fraud, conspiracy, and money laundering.","source":""},{"date":"2024-04-08","event":"Federal district court dismisses RICO claims and most negligence claims in Singh v. Illusory Systems; fraud claim allowed to proceed.","source":""},{"date":"2024-12-01","event":"United States formally requests extradition of Alexander Gurevich from Israel.","source":""},{"date":"2025-04-19","event":"Gurevich re-enters Israel during the Passover holiday. Israeli authorities order him to appear for an extradition hearing, which he ignores.","source":""},{"date":"2025-04-30","event":"Gurevich legally changes his name to 'Alexander Block' in the Israeli Population Registry in an alleged attempt to conceal his identity.","source":""},{"date":"2025-05-01","event":"Israeli police arrest Alexander Gurevich at Ben-Gurion Airport while he is attempting to board a flight to Russia. Israeli authorities approve extradition to the United States.","source":""},{"date":"2025-12-17","event":"FTC announces proposed consent order requiring Illusory Systems to repay approximately $37.5 million to affected users and implement a 10-year information security program. Federal Register notice published December 19, 2025.","source":""}]},"v":1}
Verify offline (run on your own machine)
python -m src.verify_decision 9c56ca72-1fe9-4cb6-9a26-2c354c41a043

How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.