PANews reported on December 17th that, according to Decrypt, the U.S. Federal Trade Commission (FTC) announced on Tuesday that it has submitted a proposed settlement to Illusory Systems Inc., the operator of the crypto cross-chain bridge Nomad, regarding the 2022 cyberattack that resulted in the theft of almost all funds from Nomad. Under the proposed settlement, Illusory Systems would be prohibited from making false statements about its security measures, required to implement a formal information security program, undergo independent security assessments every two years, and return any recovered but not yet returned funds to affected users. The agency stated that the attack resulted in the theft of approximately $186 million in digital assets, with consumer losses exceeding $100 million.

In its complaint, the FTC stated that Nomad claimed "security first" in its marketing but failed to adequately test its code, maintain clear vulnerability reporting and incident response processes, and lacked basic safeguards. The August 2022 attack stemmed from a critical vulnerability introduced by a code update, and the platform's lack of an effective incident response system prevented it from promptly stopping the loss of funds. Earlier this year, Israeli authorities arrested Alexander Gurevich, accusing him of launching the attack on Nomad's cross-chain bridge. Police stated that he was detained at an Israeli airport while attempting to flee to Moscow after legally changing his name to evade capture.