逮捕Nomad Bridge Hack嫌疑人

古里維奇（Gurevich）是一名雙重以色列公民，因涉嫌參與2022年8月發生的1.9億美元的Nomad Bridge Hack而在以色列被捕。

Alexander Gurevich, a dual US-Israeli citizen, has been detained in Israel and now faces extradition to the United States, where he is being sued by the liquidators of bankrupt crypto firm Celsius Network for allegedly collecting a portion of a $190 million bounty from the 2022 Nomad Bridge hack.

亞歷山大·古里維奇（Alexander Gurevich）是一名雙重以色列公民，已被拘留在以色列，現在面臨引渡到美國，在那裡他被破產的加密貨幣公司CELSIUS網絡的清算人起訴，據稱他從20222 Nomad Bridge Bridgad Hack中收集了1.9億美元的賞金。

The arrest of Gurevich, who is also a Russian citizen, comes as part of an ongoing investigation into the August 2022 hack of the Nomad cryptocurrency bridge, which saw nearly $190 million stolen from the protocol.

Gurevich也是俄羅斯公民的逮捕，是對2022年8月的Nomad Cryptocurrency Bridge進行的持續調查的一部分，該橋從該協議中被盜了近1.9億美元。

According to reports, Gurevich was planning to flee to Russia but was apprehended at Ben Gurion Airport while attempting to travel on a new identity after legally changing his name to "Alexander Block" just days prior.

據報導，古里維奇（Gurevich）計劃逃往俄羅斯，但在幾天前合法將自己的名字更改為“亞歷山大·布洛克（Alexander Block）”之後，在本古里安機場（Ben Gurion Airport）被逮捕。

"He fits the profile of a crypto-native threat actor: skilled in smart contract exploitation but ultimately undone by poor opsec," said Peter Kacherginsky, a blockchain security expert and formerly of Coinbase’s Unit 0x security team, on X in reaction to Gurevich’s arrest.

區塊鏈安全專家彼得·卡切爾金斯基（Peter Kacherginsky）說：“他符合加密本地威脅參與者的個人資料：熟練的智能合同剝削，但最終被窮人的OPSEC撤銷。”

The 2022 Nomad Bridge exploit, which saw the misconfiguration of a bridge's process() function cause the contract to accept any message with the correct root hash—even if the proof was illegitimate—has been touted as one of the most remarkable and chaotic hacks in decentralized finance (DeFi) history.

2022年Nomad Bridge漏洞利用了橋樑的過程（）功能的錯誤配置，這會導致合同接受任何具有正確的根部哈希的信息（即使證明是非法的，也被吹捧為最引人注目，最混亂的黑客之一，這是分散的金融（DEFI）歷史上的最引人注目的。

On August 1, 2022, after a routine code update introduced a critical vulnerability in a Nomad smart contract—a verification bug—messages with invalid proofs began to be accepted as valid.

在2022年8月1日，在常規代碼更新引入了Nomad智能合約中的關鍵漏洞（一個驗證錯誤），並開始接受帶有無效證明的驗證漏洞。

This misconfiguration in the bridge's process() function caused the contract to accept any message with the correct root hash, regardless of whether the proof was legitimate.

橋樑的過程（）函數中的這種錯誤配置導致合同接受任何具有正確根部哈希的信息，而不管證據是否合法。

Once one user figured out the exploit—believed to be Gurevich—it was rapidly copied and pasted by hundreds of wallets in a type of "mob attack," turning a targeted hack into an opportunistic frenzy.

一旦一個用戶發現了漏洞利用（被認為是Gurevich），它就會被數百個錢包迅速復制和粘貼，以一種“暴民攻擊”，將目標的駭客變成了機會性的瘋狂。

The identity of the first user to attempt to siphon funds from the protocol is still up for debate, but according to reports by The Block and Point of Law, US prosecutors are putting forth the case that Gurevich was the first to manage to steal from Nomad and that he later had a hand in laundering the funds.

第一個試圖從協議中汲取資金的用戶的身份仍在進行辯論，但是根據法律和法律點的報導，美國檢察官正在提出案子，即古列維奇是第一個從Nomad那裡竊取的人，後來他有了洗錢的手。

The accusations are based on a series of Telegram messages Gurevich sent to the Nomad team, in which he requested a US$500,000 bounty for identifying the vulnerabilities in Nomad’s smart contracts that allowed them to be exploited.

這些指控基於發送給Nomad團隊的一系列電報消息Gurevich，他要求提供500,000美元的賞金來確定Nomad智能合約中的漏洞，以使他們被利用。

The funds were laundered through a complex web of privacy coins, mixers, and offshore financial entities, according to publicly available court filings and law enforcement statements.

根據公開可用的法院文件和執法陳述，這些資金通過複雜的隱私硬幣，混合器和海上金融實體洗錢。

Of the total US$190 million exploited from Nomad, Gurevich is said to have managed to siphon US$2.89 million. The rest of the US$190 million is believed to have been lost to the copycats who joined in a free-for-all to steal as much money as they could.

在從Nomad中剝削的1.9億美元中，據說古雷維奇（Gurevich）已設法撤銷了289萬美元。據信，其餘的1.9億美元被丟失了，這些模仿者加入了全部自由，以竊取盡可能多的錢。

According to TRM Labs, Gurevich used a 'classic mixer stack', moving assets through Tornado Cash on Ethereum, then converting ETH to privacy coins such as Monero (XMR) and Dash (DASH), which were routed through Defi tools—non-custodial exchanges and decentralized liquidity pools— to cash out via over-the-counter (OTC) and offshore bank accounts. The offshore bank accounts were often linked to shell companies registered in jurisdictions with ‘loose’ regulations.

根據TRM Labs的說法，Gurevich使用了“經典混合堆棧”，通過以太坊上的龍捲風現金移動資產，然後將ETH轉換為隱私硬幣，例如Monero（XMR）和DASH（DASH），這些硬幣是通過Defi工具（通過不構造的交換和不利的流動性池）進行的，以兌換庫存（cash）庫存（cash）（cash）（cash）庫存（castercounter）（counter）（counter）（counter）（counter）。離岸銀行帳戶通常與在“鬆散”法規的司法管轄區註冊的殼牌公司有關。

It is also suggested that Gurevich leveraged Virtual Asset Service Providers (VASPs) platforms with weak Know Your Customer (KYC) standards to convert crypto into fiat. He also allegedly used peer-to-peer (P2P) platforms in jurisdictions with limited enforcement capacity.

還建議Gurevich利用弱的虛擬資產服務提供商（VASPS）平台，知道您的客戶（KYC）標準將加密貨幣轉換為菲亞特。據稱，他還在執法能力有限的司法管轄區使用了點對點（P2P）平台。

The successful arrest and extradition of a key figure in the Nomad Bridge exploit could have broader implications for DeFi security and legal precedents in the cryptocurrency industry. It also highlights the increasing role of blockchain intelligence and global cooperation in tracking down and apprehending cross-border crypto criminals.

在Nomad Bridge漏洞中，成功逮捕和引渡了關鍵人物可能對加密貨幣行業的Defi安全和法律先例具有更廣泛的影響。它還強調了區塊鏈情報和全球合作在追踪和逮捕跨境加密罪犯的越來越多的作用。