Suspect in $190M Nomad Hack to Be Extradited to U.S. on Money Laundering Charges

A dual Israeli-Russian national accused of participating in the $190 million Nomad bridge hack is set to be extradited to the United States, where he faces serious charges, including money laundering and computer-related crimes, according to a May 5 report by The Jerusalem Post.

The suspect, Alexander Gurevich, was arrested on May 1 at Israel’s Ben-Gurion Airport while attempting to board a flight to Russia. Authorities believe he played a central role in the August 2022 exploit that crippled the Nomad cross-chain bridge protocol and triggered a wave of copycat attacks.

Sudden Name Change, Arrest at the Airport

Gurevich had returned to Israel from abroad on April 19, only to be summoned shortly thereafter to appear before the Jerusalem District Court for an extradition hearing. In an apparent attempt to flee, he legally changed his name to Alexander Block in Israel’s Population Registry on April 29, and received a passport under the new identity the following day.

Two days later, while waiting to board a flight to Russia, Israeli authorities apprehended him.

The extradition process follows a formal U.S. request filed in December 2024, stemming from an eight-count indictment issued by the U.S. District Court for the Northern District of California in August 2023. The court has jurisdiction over the case because the Nomad team is based in California.

If convicted, Gurevich could face up to 20 years in prison under U.S. law — a significantly harsher sentence than what Israeli courts would likely impose for comparable charges.

Alleged messages between Gurevich and Nomad’s James Prestwich were shared on X by Israel-based Walla News journalist Yoav Itiel. Source: Yoav Itiel

Alleged Role in Nomad Exploit

Gurevich is accused of identifying and exploiting a critical vulnerability in the Nomad bridge protocol in August 2022, siphoning off an estimated $2.89 million in crypto tokens. The vulnerability was later exploited by dozens of others, escalating the total loss to $190 million, making it one of the most notorious bridge hacks in DeFi history.

In the aftermath of the attack, Gurevich allegedly contacted Nomad CTO James Prestwich via Telegram using a fake identity. According to prosecutors, he admitted he had been “amateurishly” looking for a crypto protocol to exploit, apologized for the damage, and returned approximately $162,000 worth of tokens to a recovery wallet established by the company.

Prestwich reportedly offered him a 10% bounty on the stolen funds if he returned the remainder. Gurevich said he would consult his lawyer but never replied again. At one point, he allegedly demanded $500,000 in exchange for identifying the exploit — an offer that Nomad never agreed to.

Hack Carried Out While in Israel

Investigators believe Gurevich may have conducted the hack while physically in Israel, having arrived in the country just days before the exploit occurred. His extradition will allow U.S. authorities to further probe the full extent of his alleged role and potentially unravel details about other individuals involved in the coordinated attack.

The Nomad bridge hack remains one of the most high-profile decentralized finance (DeFi) security breaches to date, exposing systemic vulnerabilities in cross-chain protocols and prompting renewed calls for improved security standards in the crypto ecosystem.