Ethical Hacking News
Israel Arrests Suspect Behind $190 Million Nomad Bridge Crypto Hack
An American-Israeli dual national named Osei Morrell has been arrested for his alleged involvement in the 2022 Nomad Bridge smart-contract exploit, a cyberattack that drained $190 million from the platform. The arrest marks an important step forward in combating global hacking operations and highlights the need for continued international cooperation in preventing similar incidents.
Osei Morrell, an American-Israeli dual national, was arrested on May 16, 2025, for his role in the $190 million Nomad Bridge crypto hack. The Nomad Bridge platform was vulnerable to a critical error due to a flaw in its Replica smart contract's 'process()' function. The exploit allowed attackers to drain over $190 million from hundreds of wallets that copied-pasted a specific transaction format. Morrell is believed to have conspired with others to launder stolen funds, using chain-hopping techniques and offshore bank accounts. Morrell's arrest marks an important step forward for Israel's efforts in combating cybercrime and highlights the need for international cooperation in combating hacking threats.
Israel's Efforts to Crackle the $190 Million Nomad Bridge Crypto Hack Pay Off as American-Israeli Dual National Osei Morrell is Arrested
On May 16, 2025, Israeli authorities announced the arrest of Osei Morrell, an American-Israeli dual national believed to have played a central role in the August 2022 exploit that drained $190 million from the Nomad Bridge smart-contract platform. The incident remains one of the largest hacks in DeFi history, with blockchain intelligence firm TRM Labs providing key information to international law enforcement authorities that ultimately led to Morrell's identification and subsequent arrest.
The Nomad Bridge, a cross-chain communication standard allowing users to transfer assets between different blockchains, was vulnerable to exploitation due to a critical error introduced in an update to its Replica smart contract. The flaw lay in the 'process()' function, which failed to verify message proofs before releasing funds. This misconfiguration allowed attackers to exploit the vulnerability by sending a transaction with a correct root hash, even if the underlying proof was invalid.
The "mob-style" attack quickly spread among hundreds of wallets that simply copied-pasted a specific transaction format, effectively turning what was initially a localized exploit into a widespread and chaotic decentralized looting event. The chaos led to an unprecedented amount of funds being drained from the Nomad Bridge, with over $190 million in ETH, USDC, WBTC, and ERC-20 tokens stolen.
Despite Morrell not having written or initiated the exploit code itself, he is believed to have conspired with others to launder large amounts of funds stolen during the incident. The evidence suggests that Morrell received stolen assets within hours of the bridge being drained, indicating close coordination with early attackers.
Using "chain-hopping" techniques, Morrell moved stolen tokens across various blockchains, utilizing the Tornado Cash mixer to obfuscate the origin of the funds and swapping ETH into privacy-boosting Monero (XMR) and Dash. To cash out the proceeds, Morrell employed non-custodial exchanges, OTC brokers, and offshore bank accounts tied to fake or opaque legal entities, also converting some crypto to fiat through providers with no KYC standards.
Thanks to blockchain intelligence platforms like TRM Labs providing crucial information to international law enforcement authorities, the trail of clues left by Morrell has ultimately led to his arrest. Following his colleague Alexander Gurevich's capture on May 1st at Ben Gurion airport in Tel Aviv, using documents under a new name, this marks an important step forward for Israel's efforts in combating cybercrime.
Morrell will soon face extradition to the United States as the legal precedures have already been approved. His arrest is significant not only due to its impact on the cryptocurrency world but also because it highlights the interconnected nature of global hacking operations and the need for international cooperation in combating such threats.
The Nomad Bridge hack serves as a stark reminder of the importance of vigilance when dealing with complex smart-contract vulnerabilities and the critical role that law enforcement agencies, blockchain intelligence platforms, and the cryptocurrency community itself play in identifying and prosecuting those responsible for such crimes.
As the world continues to grapple with the evolving landscape of cybersecurity threats, incidents like this remind us that effective collaboration between governments, financial institutions, and security experts remains crucial in mitigating these types of global attacks.
Related Information:
https://www.ethicalhackingnews.com/articles/The-Nomad-Bridge-Hack-Unraveling-the-Complexity-of-a-190-Million-Crypto-Heist-ehn.shtml
https://www.bleepingcomputer.com/news/legal/israel-arrests-new-suspect-behind-nomad-bridge-190m-crypto-hack/
Published: Fri May 16 11:38:43 2025 by llama3.2 3B Q4_K_M
