Coding vulnerability may cost a crypto company $100M

Published: 18 December 2025
Last updated: 18 December 2025
bitcoin-receipt
Image by Cybernews

The Federal Trade Commission (FTC) wants a crypto company that was attacked by hackers to reimburse $100 million to its customers.

Utah-based tech company Illusory Systems Inc., which does business under the name Nomad, failed to implement adequate security measures, leading to a major data breach in June 2022, the market supervisor claims.

According to the FTC, Nomad had developed a service called xApp, also known as the “Nomad Token Bridge,” which allowed users to exchange tokens between different blockchain platforms.

ADVERTISEMENT

xApp was advertised and offered as a “security-first” service. In practice, however, it was poorly tested and included a large vulnerability. Hackers got wind of this and began exploiting the vulnerability, leading to a loss of $186 million.

Luckily, the company was able to recover some of the money. However, consumers lost approximately $100 million.

jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Follow us

In its complaint, the FTC alleges that Nomad failed to meet its promises. The company failed to implement secure coding practices, offer the option to submit vulnerability reports, respond to security incidents, and utilize technologies that could have helped mitigate consumer losses.

Furthermore, Nomad knew about the dangers of inadequate code testing, as well as the need to ensure it had skilled staff members and security in place. Additionally, the company failed to implement basic safety measures, which ultimately led to the incident.

Nomad-logo-and-add-the-text-knew-about-the-dangers-of-inadequate-code-testing

To address these shortcomings, the FTC requires the company to repay its clients $100 million and implement a comprehensive information security program designed to protect consumers from theft or other unauthorized access.

“The FTC Act requires companies to take reasonable security measures. It’s important that companies live up to their security promises to consumers,” Christopher Mufarrige, Director of the FTC’s Bureau of Consumer Protection, said in a statement.

The public now has thirty days to respond to the proposal, after which the FTC can finalize it.

ADVERTISEMENT

Unlock more exclusive Cybernews content on YouTube.

Share
Post
Share
Share
Share
More from Cybernews
Companies using Fable 5 beware: it’s collecting your data, and there are no exceptions
World’s leading mathematicians ridicule AI hype in high-IQ declaration
Democrats are far more worried than Republicans that AI will take jobs, new poll finds
Europe’s tech revolution feels like Soviet déjà vu
New York demands advertisers use “synthetic performer” label or else
The surprising way Elon Musk is powering your next holiday flight
ADVERTISEMENT