An Israeli-Russian national accused of exploiting a critical vulnerability in the Nomad bridge is reportedly facing extradition to the United States, where he could be charged with money laundering and other computer-related crimes.
A dual Israeli-Russian citizen, is suspected of stealing millions from the Nomad cross-chain bridge hack in August 2022, which ultimately resulted in a total loss of $190 million. He was arrested on May 1 at Israel’s Ben-Gurion Airport while attempting to board a flight to Russia.
Gurevich is believed to have identified and exploited a security flaw, siphoning approximately $2.89 million in crypto tokens. His arrest follows a complex timeline involving name changes, a reported apology to Nomad executives, and an indictment filed by U.S. authorities.
Timeline of arrest and identity change
The suspect had returned to Israel on April 19 and was shortly after summoned to appear before the Jerusalem District Court for an extradition hearing.
In a curious move, on April 29, Gurevich changed his name to “Alexander Block” in Israel’s Population Registry and secured a passport under the new identity the very next day. Just two days later, on May 1, he was detained at the airport before boarding a flight to Russia.
Prosecutors allege that following the hack, Gurevich contacted Nomad’s chief technology officer, James Prestwich, on Telegram using an alias, admitting that he had been “amateurishly” seeking a crypto protocol to exploit. Gurevich transferred approximately $162,000 back to a recovery wallet set up by Nomad.
During negotiations, Prestwich reportedly offered Gurevich 10% of the stolen assets’ value as a white-hat reward. Gurevich initially said he would consult his lawyer, but Nomad never heard from him again. At one point, he allegedly demanded $500,000 as compensation for identifying the vulnerability.
Legal proceedings and U.S. charges
The United States filed an eight-count indictment against Gurevich on August 16, 2023, in the Northern District of California, where the Nomad team is based. A warrant for his arrest was also issued. The U.S. formally requested his extradition in December 2024.
Gurevich now faces a potential 20-year prison sentence if convicted on money laundering and cybercrime charges in the United States—a significantly harsher penalty than what he would face under Israeli law.
Israeli investigators suspect that Gurevich carried out the attack while on Israeli soil, as he is believed to have arrived in the country just days before the $190 million exploit occurred.
