Nomad settles with the FTC over $186M cyberattack
Briefly

"Illusory Systems, which trades as Nomad, allegedly misled users about the security of its cryptocurrency bridge, which was compromised in 2022 in an attack that led to $186 million worth of funds being stolen. The FTC alleged that Nomad pushed an update in June 2022 containing "inadequately tested code" that, in turn, introduced a "significant vulnerability" that was exploited around a month later."
"The FTC acknowledged that some of these funds were recovered, but Nomad's customers ultimately lost out on approximately $100 million. The FTC's proposed settlement agreement, published this week, would require Nomad to repay around $37.5 million to users who remain out of pocket within a year of the agreement being signed, or 30 days after the end of any litigation related to the breach, whichever comes later."
"The complaint against Nomad alleges that, despite pitching its blockchain bridge as a "security-first" product at the time, the organization behind it fell short in various aspects of cybersecurity. The FTC alleges that it failed to adopt secure coding practices, implement a vulnerability management program, and deploy technologies that would have limited the impact of a breach on its users. It went on to claim that these failures and lack of incident response capabilities contributed to the total loss of funds."
Illusory Systems (Nomad) experienced a 2022 compromise of its cryptocurrency bridge that resulted in $186 million being stolen; some funds were recovered, but customers ultimately lost approximately $100 million. The FTC alleges that a June 2022 update containing "inadequately tested code" introduced a "significant vulnerability" that was exploited about a month later. The proposed settlement would require Nomad to repay roughly $37.5 million to users still out of pocket within a year of the agreement being signed or 30 days after the end of related litigation, whichever comes later. It would also require implementation of a comprehensive security program, a dedicated employee, regular third-party assessments, and a prohibition on misrepresenting product security. Nomad agreed to the terms pending public comment and a final FTC vote.
Read at Theregister