FTC proposes settlement with Nomad operator after $186M bridge hack

The U.S. Federal Trade Commission (FTC) has proposed a consent settlement with Illusory Systems Inc., operator of the Nomad cross‑chain bridge, following a June–August 2022 smart‑contract vulnerability that led to about $186 million in stolen digital assets and over $100 million in consumer losses. The FTC alleges Nomad marketed itself as security‑first but failed to follow secure‑coding, testing and incident‑response practices; a faulty code update in June 2022 introduced a defect exploited from August 1, 2022. Nomad recovered roughly $22 million after the exploit. Under the proposed settlement Illusory Systems must implement a formal information security program, submit to independent security assessments every two years, cease making deceptive security claims, and return any recovered funds to affected users. The FTC has published the signed consent agreement for 30 days of public comment and may pursue enforcement under the Federal Trade Commission Act if the settlement is approved. For traders: the case highlights ongoing risks with cross‑chain bridges, the importance of smart‑contract audits and clear incident‑response processes, and increased regulatory scrutiny of security claims — factors that can raise perceived counterparty and smart‑contract risk and amplify volatility around affected bridge‑linked tokens and liquidity.