FTC avança com acordo no caso do hack da Nomad após roubo de US$ 186 milhões

A FTC (Comissão Federal de Comércio dos EUA) está prestes a fechar um dos maiores capítulos de segurança cripto dos últimos anos.

O acordo envolve o hack de 2022 que drenou mais de US$ 186 milhões da ponte Nomad. A plataforma, que permitia a movimentação de ativos entre blockchains, tornou-se um alvo fácil para um ataque coordenado.

O que exatamente deu errado?

Um erro de configuração no contrato inteligente abriu uma brecha. Em vez de um ataque sofisticado, foi uma falha básica que permitiu que qualquer um retirasse fundos. A comunidade testemunhou uma 'corrida do ouro' digital em tempo real.

O que isso significa para o setor?

O caso Nomad se tornou um estudo de caso clássico. Expôs a fragilidade das infraestruturas financeiras emergentes e a urgência de padrões mais rigorosos. A FTC, tradicionalmente focada em práticas comerciais, agora mira diretamente a segurança da web3.

O acordo sinaliza uma mudança. Reguladores não estão mais apenas observando – estão agindo. Para projetos de cripto, a mensagem é clara: segurança não é um recurso opcional. É a base.

Enquanto isso, em Wall Street, alguém provavelmente está cobrando uma taxa de consultoria por 'inovação em gestão de risco' por um relatório sobre o caso. A ironia é deliciosa.

O fechamento do caso Nomad não apaga o prejuízo, mas acende um farol. O caminho para a adoção em massa é pavimentado com código impecável e auditorias implacáveis. O mercado está aprendendo – a um custo altíssimo.

Nomad crypto hack incident raises safety concerns among crypto investors 

The FTC mentioned in its original complaint that Nomad failed to effectively prevent the hack because it lacked the right incident response systems in place. According to the agency, “They had to depend on an engineer who was on a plane to send code snippets back and forth with the incident manager. Because of this delay, Nomad couldn’t shut down the bridge until after it lost all its assets.” 

In the proposed agreement, the FTC highlighted that it decided to submit a Complaint, indicating the charges, after discovering sufficient evidence to support its claim that the Respondent had breached the Federal Trade Commission Act. 

This conclusion followed a thorough investigation into the matter that was conducted by the commission. “The Commission has accepted the signed Consent Agreement and made it public for 30 days to allow for public comments,” the agency added.

Meanwhile, established in 2021, Nomad operated as a blockchain bridge that enabled users to transfer tokens across various blockchain networks, including Ethereum and Avalanche.

According to a report from the FTC, a code update implemented in June 2022 resulted in a major defect in one of the smart contracts on Nomad. Hackers began to take advantage of the situation on August 1, 2022, resulting in substantial losses of approximately $186 million in Ethereum, USDC, DAI, and WBTC. 

Illusory Systems had marketed Nomad as a Safety-focused platform, according to the agency’s complaint. However, the commission argued that they failed to properly test the code or keep clear processes for reporting suspicious incidents and responding to them.

The FTC accuses Illusory Systems of ignoring basic safety measures

The federal agency alleged that Illusory Systems failed to establish basic safety measures that could have mitigated the losses clients faced and did not comply with established secure coding practices, such as conducting proper unit tests before introducing the code.

The FTC stated that although Nomad pointed out that it had adopted thorough testing of smart contracts in its advertising, Nomad engineers admitted that the platform did not frequently test them adequately before the hack took place.

After the hack incident, Nomad was able to recover around $22 million of the $190 million that was robbed. This situation illustrates a growing trend in the cryptocurrency industry, where criminals often steal substantial sums of clients’ funds. To support this claim, Israeli authorities reported earlier this year that they managed to arrest Alexander Gurevich for supposedly starting the Nomad bridge exploit. 

Reports from the police stated that Gurevich was caught at an Israel-based airport while attempting to flee to Moscow just a few days after he lawfully changed his name to remain hidden from the authorities.

Join a premium crypto trading community free for 30 days - normally $100/mo.