FTC and Nomad Agree to ~$40M Settlement After $186M Crypto Cyber-Attack
The U.S. Federal Trade Commission (FTC) has proposed a settlement requiring Illusory Systems, operating as Nomad, to repay users for losses stemming from a 2022 cyber-attack that resulted in approximately $186 million in stolen cryptocurrency, with customers ultimately absorbing losses of about $100 million. According to the FTC, Nomad misled users by marketing its blockchain bridge as a “security-first” product while failing to implement reasonable security controls. The breach was traced to a June 2022 critical vulnerability that attackers exploited roughly a month later.
Under the proposed settlement, Nomad must repay roughly $37.5 million to affected users within a defined timeframe, implement a comprehensive security program, designate personnel responsible for maintaining it, and submit to regular third-party security assessments. The agreement also prohibits the company from making future misrepresentations about the security of its products. The FTC alleges that Nomad failed across multiple foundational areas, including secure coding practices, vulnerability management, breach impact containment, and incident response readiness, with these deficiencies materially contributing to the scale of the losses. Nomad has agreed to the settlement.
This case highlights the critical need for continuous monitoring and visibility across networks, services, mobility, and underlying infrastructure, especially in software-defined and blockchain-based environments where code, connectivity, and infrastructure are inseparable. A next-generation monitoring posture with a platform like NIKSUN can unify network and service monitoring, application and code-level telemetry, infrastructure health, dependency mapping, and real-time anomaly detection into a single operational view. Such unified situational awareness is the only approach that enables organizations to identify faulty updates, abnormal service behavior, and cascading infrastructure impacts before they become catastrophic failures like this one. Read more about this story on our LinkedIn page
Under the proposed settlement, Nomad must repay roughly $37.5 million to affected users within a defined timeframe, implement a comprehensive security program, designate personnel responsible for maintaining it, and submit to regular third-party security assessments. The agreement also prohibits the company from making future misrepresentations about the security of its products. The FTC alleges that Nomad failed across multiple foundational areas, including secure coding practices, vulnerability management, breach impact containment, and incident response readiness, with these deficiencies materially contributing to the scale of the losses. Nomad has agreed to the settlement.
This case highlights the critical need for continuous monitoring and visibility across networks, services, mobility, and underlying infrastructure, especially in software-defined and blockchain-based environments where code, connectivity, and infrastructure are inseparable. A next-generation monitoring posture with a platform like NIKSUN can unify network and service monitoring, application and code-level telemetry, infrastructure health, dependency mapping, and real-time anomaly detection into a single operational view. Such unified situational awareness is the only approach that enables organizations to identify faulty updates, abnormal service behavior, and cascading infrastructure impacts before they become catastrophic failures like this one. Read more about this story on our LinkedIn page