Alexander Gurevich – a citizen with dual Russian and Israeli nationality – who is suspected of playing a central role in the attack on the Nomad Bridge digital asset protocol, is expected to be extradited from Israel to the US soon to face money laundering charges.
According to information from The Jerusalem Post on 5/5, Gurevich was arrested at Ben-Gurion Airport while checking in for a flight to Russia. Previously, the US government had sent an official extradition request, accusing him of involvement in multiple high-tech crimes, including stealing and laundering millions of dollars in cryptocurrency.
The attack on Nomad Bridge in August 2022 was considered one of the most serious security incidents in the DeFi field. Gurevich is accused of being the first to discover and exploit a vulnerability in the smart contract, stealing approximately 2.89 million USD. The vulnerability was quickly exploited by dozens of other hackers, resulting in total damages of 190 million USD.
US prosecutors said that after the incident, Gurevich proactively contacted James Prestwich – CTO of Nomad – via Telegram under a fake identity. In the messages, he acknowledged the act of "amateur searching for crypto protocols to exploit" and sent an apology. Gurevich even returned 162,000 USD to the recovery wallet established by Nomad. When offered a 10% bug bounty, he proposed a reward of 500,000 USD and then cut off contact.
On 16/8/2023, the US government submitted an indictment with 8 charges against Gurevich at the Northern California District Court – where the Nomad Bridge development team is based – and issued an arrest warrant. Before being arrested, Gurevich was said to have changed his identity to avoid extradition.
Specifically, on 29/4, he changed his name in the Israeli population database to Alexander Block and received a new passport just one day later. However, his escape attempt failed when he was arrested at Ben-Gurion Airport on 1/5.
If convicted in the US, Gurevich could face up to 20 years in prison – significantly more than the corresponding penalty in Israel. Israeli authorities also suspect that he was present in the country just a few days before the hack, raising the possibility that the attack was carried out from Israeli territory.
