逮捕Nomad Bridge Hack嫌疑人

古里维奇（Gurevich）是一名双重以色列公民，因涉嫌参与2022年8月发生的1.9亿美元的Nomad Bridge Hack而在以色列被捕。

Alexander Gurevich, a dual US-Israeli citizen, has been detained in Israel and now faces extradition to the United States, where he is being sued by the liquidators of bankrupt crypto firm Celsius Network for allegedly collecting a portion of a $190 million bounty from the 2022 Nomad Bridge hack.

亚历山大·古里维奇（Alexander Gurevich）是一名双重以色列公民，已被拘留在以色列，现在面临引渡到美国，在那里他被破产的加密货币公司CELSIUS网络的清算人起诉，据称他从20222 Nomad Bridge Bridgad Hack中收集了1.9亿美元的赏金。

The arrest of Gurevich, who is also a Russian citizen, comes as part of an ongoing investigation into the August 2022 hack of the Nomad cryptocurrency bridge, which saw nearly $190 million stolen from the protocol.

Gurevich也是俄罗斯公民的逮捕，是对2022年8月的Nomad Cryptocurrency Bridge进行的持续调查的一部分，该桥从该协议中被盗了近1.9亿美元。

According to reports, Gurevich was planning to flee to Russia but was apprehended at Ben Gurion Airport while attempting to travel on a new identity after legally changing his name to "Alexander Block" just days prior.

据报道，古里维奇（Gurevich）计划逃往俄罗斯，但在几天前合法将自己的名字更改为“亚历山大·布洛克（Alexander Block）”之后，在本古里安机场（Ben Gurion Airport）被逮捕。

"He fits the profile of a crypto-native threat actor: skilled in smart contract exploitation but ultimately undone by poor opsec," said Peter Kacherginsky, a blockchain security expert and formerly of Coinbase’s Unit 0x security team, on X in reaction to Gurevich’s arrest.

区块链安全专家彼得·卡切尔金斯基（Peter Kacherginsky）说：“他符合加密本地威胁参与者的个人资料：熟练的智能合同剥削，但最终被穷人的OPSEC撤销。”

The 2022 Nomad Bridge exploit, which saw the misconfiguration of a bridge's process() function cause the contract to accept any message with the correct root hash—even if the proof was illegitimate—has been touted as one of the most remarkable and chaotic hacks in decentralized finance (DeFi) history.

2022年Nomad Bridge漏洞利用了桥梁的过程（）功能的错误配置，这会导致合同接受任何具有正确的根部哈希的信息（即使证明是非法的，也被吹捧为最引人注目，最混乱的黑客之一，这是分散的金融（DEFI）历史上的最引人注目的。

On August 1, 2022, after a routine code update introduced a critical vulnerability in a Nomad smart contract—a verification bug—messages with invalid proofs began to be accepted as valid.

在2022年8月1日，在常规代码更新引入了Nomad智能合约中的关键漏洞（一个验证错误），并开始接受带有无效证明的验证漏洞。

This misconfiguration in the bridge's process() function caused the contract to accept any message with the correct root hash, regardless of whether the proof was legitimate.

桥梁的过程（）函数中的这种错误配置导致合同接受任何具有正确根部哈希的信息，而不管证据是否合法。

Once one user figured out the exploit—believed to be Gurevich—it was rapidly copied and pasted by hundreds of wallets in a type of "mob attack," turning a targeted hack into an opportunistic frenzy.

一旦一个用户发现了漏洞利用（被认为是Gurevich），它就会被数百个钱包迅速复制和粘贴，以一种“暴民攻击”，将目标的骇客变成了机会性的疯狂。

The identity of the first user to attempt to siphon funds from the protocol is still up for debate, but according to reports by The Block and Point of Law, US prosecutors are putting forth the case that Gurevich was the first to manage to steal from Nomad and that he later had a hand in laundering the funds.

第一个试图从协议中汲取资金的用户的身份仍在进行辩论，但是根据法律和法律点的报道，美国检察官正在提出案子，即古列维奇是第一个从Nomad那里窃取的人，后来他有了洗钱的手。

The accusations are based on a series of Telegram messages Gurevich sent to the Nomad team, in which he requested a US$500,000 bounty for identifying the vulnerabilities in Nomad’s smart contracts that allowed them to be exploited.

这些指控基于发送给Nomad团队的一系列电报消息Gurevich，他要求提供500,000美元的赏金来确定Nomad智能合约中的漏洞，以使他们被利用。

The funds were laundered through a complex web of privacy coins, mixers, and offshore financial entities, according to publicly available court filings and law enforcement statements.

根据公开可用的法院文件和执法陈述，这些资金通过复杂的隐私硬币，混合器和海上金融实体洗钱。

Of the total US$190 million exploited from Nomad, Gurevich is said to have managed to siphon US$2.89 million. The rest of the US$190 million is believed to have been lost to the copycats who joined in a free-for-all to steal as much money as they could.

在从Nomad中剥削的1.9亿美元中，据说古雷维奇（Gurevich）已设法撤销了289万美元。据信，其余的1.9亿美元被丢失了，这些模仿者加入了全部自由，以窃取尽可能多的钱。

According to TRM Labs, Gurevich used a 'classic mixer stack', moving assets through Tornado Cash on Ethereum, then converting ETH to privacy coins such as Monero (XMR) and Dash (DASH), which were routed through Defi tools—non-custodial exchanges and decentralized liquidity pools— to cash out via over-the-counter (OTC) and offshore bank accounts. The offshore bank accounts were often linked to shell companies registered in jurisdictions with ‘loose’ regulations.

根据TRM Labs的说法，Gurevich使用了“经典混合堆栈”，通过以太坊上的龙卷风现金移动资产，然后将ETH转换为隐私硬币，例如Monero（XMR）和Dash（Dash），这些硬币是通过Defi工具（通过污染工具）（Non-Custial Exchanges and thementalized流动性池）进行的，以通过过度的流动性库来兑现（CASS），以兑现越野库（Case Off the Carke Off the Carke）（cash）（cash）（cash）（cash）（caster）（cash）（coss）（counter）（counter（counter））和counter（counter）。离岸银行帐户通常与在“松散”法规的司法管辖区注册的壳牌公司有关。

It is also suggested that Gurevich leveraged Virtual Asset Service Providers (VASPs) platforms with weak Know Your Customer (KYC) standards to convert crypto into fiat. He also allegedly used peer-to-peer (P2P) platforms in jurisdictions with limited enforcement capacity.

还建议Gurevich利用弱的虚拟资产服务提供商（VASPS）平台，知道您的客户（KYC）标准将加密货币转换为菲亚特。据称，他还在执法能力有限的司法管辖区使用了点对点（P2P）平台。

The successful arrest and extradition of a key figure in the Nomad Bridge exploit could have broader implications for DeFi security and legal precedents in the cryptocurrency industry. It also highlights the increasing role of blockchain intelligence and global cooperation in tracking down and apprehending cross-border crypto criminals.

在Nomad Bridge漏洞中，成功逮捕和引渡了关键人物可能对加密货币行业的Defi安全和法律先例具有更广泛的影响。它还强调了区块链情报和全球合作在追踪和逮捕跨境加密罪犯的越来越多的作用。