- US crypto trade groups challenge the FTC’s Nomad complaint in the nomad bridge hack ftc dispute, saying kill switches and circuit breakers are not standard and imply central control.
- The bridge lost $186 million in 2022 to about 300 hackers; roughly $37 million was recovered, and the relaunch holds about $1 million in deposits.
- Illusory Systems agreed to settle; proposed terms include a new security program and returning any remaining recovered crypto, as a suspect was extradited.
The nomad bridge hack ftc dispute is widening after several US crypto trade associations criticised a Federal Trade Commission complaint that linked a major 2022 breach to the absence of a “kill switch” in the underlying software. The complaint concerns Nomad, a crypto bridge built by a Utah-based company, which was hacked for close to $200 million in 2022. Although the bridge was relaunched in December 2022, it has not drawn meaningful usage since then. Even with the project appearing largely inactive, its parent company, Illusory Systems, agreed last year to settle the FTC’s case.
Nomad bridge hack FTC complaint and industry pushback
The FTC’s complaint accused Illusory Systems of failing to take what the agency called reasonable steps to secure the Nomad Token Bridge. The agency published the complaint in December alongside a proposed settlement. In the filing, the FTC argued that the company did not add “circuit breakers” or a “kill switch” that could stop the bridge when suspicious activity appeared. The trade associations, writing to the agency this week, said that framing alarmed the industry because such tools are not widely used as a default approach and could, in some situations, increase exposure to attackers rather than reduce it.
The groups also objected to what they see as an implied demand for unilateral control. A kill switch, they argued, suggests a single party can shut down operations, which they described as unacceptable for developers working on decentralised protocols. The letter characterised the FTC’s position as creating expectations that could restrict how decentralised software is built. The disagreement, they said, shows how consumer protection regulators can impose requirements that limit developers’ ability to design and deploy these systems.
The 2022 Nomad hack and what followed
Crypto bridges are designed to let users transfer assets across blockchains that do not otherwise connect. The source material describes these bridges as frequent targets for theft. Nomad promoted its security posture earlier in 2022, saying in April of that year that it raised $22 million at a $225 million valuation to build “security-first interoperability.”
Four months later, the bridge suffered a major exploit. About 300 hackers took advantage of a software bug and stole $186 million in crypto. The FTC attributed the breach to code that was not adequately tested. The incident drew lasting attention in the decentralised finance sector. TRM Labs, a crypto forensics firm, described it last year as “one of the most remarkable and chaotic hacks in decentralised finance history.”
Nomad’s developers later recovered roughly $37 million. The recoveries were tied to ethical hackers who participated in the exploit with the stated aim of keeping other attackers from draining everything. Still, the relaunch in December 2022 did not revive the project. DefiLlama data showed that as of Friday the bridge held only $1 million in user deposits. Nomad’s last post on X was more than two years ago, according to the source.
What the settlement could require and why critics call it an impossible mandate
In the FTC’s view, Nomad used “unfair security practices,” and the agency pointed to the lack of a kill switch as an example. The complaint also alleged that users were misled when the company marketed a “security first” approach. Illusory Systems agreed to settle the FTC’s complaint last year. If the complaint and settlement become final, Nomad would be required to establish a new information security programme. The settlement would also require it to return any remaining crypto it recovered after the hack, among other steps referenced in the source.
The trade groups urged the FTC to revise the complaint because, in their reading, it suggests software is unlawful to release without certain controls, including a kill switch. They argued that implementing such a feature would require “privileged control or some other centralised authority to execute,” which clashes with decentralised designs. In the same letter, they warned that decentralised governance and operational control models could be blocked or made impractical under the expectations set out in the proposed complaint.
The debate drew comment from Consensys, the developer behind MetaMask. Bill Hughes, senior counsel at Consensys, wrote to the FTC that circuit breakers are not an industry standard today and were not standard at the time of the Nomad incident.
Separately, the source notes a law enforcement development tied to the hack. Last year, Israeli police arrested Alexander Gurevich, described as a dual Russian-Israeli citizen, after he allegedly tried to travel to Russia using documents with a different name, according to a Jerusalem Post report. He was extradited to the United States on suspicion of involvement in the Nomad hack. DL News reported it could not immediately determine on Thursday whether Gurevich was ultimately charged in connection with the incident.
Conclusion
The nomad bridge hack ftc disagreement centres on how regulators define reasonable security for crypto software and whether a missing kill switch can be treated as a legal failure. With Nomad holding $1 million in deposits as of Friday and its public communications dormant for more than two years, the FTC settlement process has become a broader flashpoint about decentralisation, operational control, and the standards developers can realistically meet.
Disclaimer
The information provided in this article is for informational purposes only and should not be considered financial advice. The article does not offer sufficient information to make investment decisions, nor does it constitute an offer, recommendation, or solicitation to buy or sell any financial instrument. The content is opinion of the author and does not reflect any view or suggestion or any kind of advise from CryptoNewsBytes.com. The author declares he does not hold any of the above mentioned tokens or received any incentive from any company.
Featured image created by AI
Subscribe To Our Newsletter
Join our mailing list to receive the latest news and updates from our team.