An American-Israeli national named Osei Morrell has been arrested in Israel for his alleged involvement in exploiting the Nomad bridge smart-contract in August 2022 that allowed hackers to siphon $190 million. Osei Morrell is not believed to have written or initiated the exploit code itself, but TRM Labs says he "played a central role," and evidence suggests he conspired with others to launder large amounts of funds stolen during the exploit. TMR Labs' data shows that Morrell used 'chain-hopping' to move the stolen tokens across various blockchains, the Tornado Cash mixer to obfuscate the origin of the funds, and swapped ETH into the privacy-boosting Monero (XMR) and Dash. Blockchain intelligence platform TRM Labs supplied key information to international law enforcement authorities, leading to the identification of Morrell, who is believed to have played a central role in what is one of the largest hacks in DeFi history. Jerusalem Post reports that on August 4, 2022, Gurevich contacted Nomad's Chief Technology Officer and admitted he had been probing Nomad for weaknesses, apologizing for the trouble and later demanding a $500,000 reward for identifying the vulnerability. "The suspect, American-Israeli dual national Osei Morrell, was arrested in Jerusalem by Israeli police working in coordination with the DOJ, the FBI, and Interpol," explained TRM Labs. Morrell's arrest follows that of another suspected hacker, a Russian-Israeli citizen named Alexander Gurevich, who was caught on May 1st at the Ben Gurion airport in Tel Aviv using documents under a new name, Alexander Block, he had officially changed. Wallets linked to Morrell received stolen assets within hours of the bridge being drained, suggesting close coordination with early attackers. Despite all the obfuscation efforts and the time that has passed since these events, blockchain transaction analysis still yielded enough clues to uncover Morrell's identity, resulting in his arrest. According to prosecutors, Gurevich exploited the Nomad bridge flaw and withdrew about $2.89 million in digital tokens. Bill Toulas Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks. The Nomad bridge is a cross-chain communication standard that allows users to transfer assets between different blockchains. This "mob-style" attack led to a chaotic and decentralized looting of the bridge, draining over $190 million in ETH, USDC, WBTC, and ERC-20 tokens.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Fri, 16 May 2025 16:30:40 +0000