TechFlow news, December 17 — According to Decrypt, the U.S. Federal Trade Commission (FTC) announced on Tuesday that it has proposed a settlement with Illusory Systems, the operator of the Nomad crypto bridge, over a 2022 hack that resulted in the near-total theft of platform funds.
According to the FTC's complaint, Illusory Systems introduced a critical vulnerability during a code update in June 2022. Starting August 1, hackers exploited this flaw, stealing approximately $186 million worth of Ethereum, USDC, DAI, and WBTC assets, with user losses exceeding $100 million.
The FTC accused Nomad of claiming to be a "security-first" platform while failing to adequately test its code, maintain clear vulnerability reporting and incident response procedures, or deploy basic security measures to limit user losses.
Under the proposed settlement, Illusory Systems will be prohibited from making false claims about its security practices, must implement a formal information security program, undergo independent biennial security assessments, and return any unrecovered funds to affected users. Following the hack, Nomad recovered only $22 million of the stolen funds.
