Illusory Systems settles with FTC over 2022 cryptocurrency hack | CyberScoop<\/title> <meta name=\"description\" content=\"The company was charged with materially misrepresenting the cybersecurity of its Token Bridge software as executives failed to implement reasonable security.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/ftc-settles-with-illusory-systems-in-2022-cryptocurrency-hack\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Illusory Systems settles with FTC over 2022 cryptocurrency hack\"> <meta property=\"og:description\" content=\"The company was charged with materially misrepresenting the cybersecurity of its Token Bridge software as executives failed to implement reasonable security.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/ftc-settles-with-illusory-systems-in-2022-cryptocurrency-hack\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2025-12-16T23:46:30+00:00\"> <meta property=\"article:modified_time\" content=\"2025-12-16T23:46:32+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/12\/illusory-systems-settles-with-ftc-over-2022-cryptocurrency-hack-2.jpg\"> <meta property=\"og:image:width\" content=\"5184\"> <meta property=\"og:image:height\" content=\"2916\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"djohnson\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1765909325g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1764694102g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1763439630g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/87182\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.8.3\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=87182\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fftc-settles-with-illusory-systems-in-2022-cryptocurrency-hack%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fftc-settles-with-illusory-systems-in-2022-cryptocurrency-hack%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-87182 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/ftc-settles-with-illusory-systems-in-2022-cryptocurrency-hack\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"24.832971800434\">\n<div class=\"single-article__header-content\" readability=\"33.555035128806\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/ftc-settles-with-illusory-systems-in-2022-cryptocurrency-hack\/\"> <span>Cybersecurity<\/span> <\/a> <\/li>\n<\/ul>\n<p> The company was charged with materially misrepresenting the cybersecurity of its Token Bridge software as executives failed to implement reasonable security. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/87182\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"360\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/12\/illusory-systems-settles-with-ftc-over-2022-cryptocurrency-hack.jpg?resize=640%2C360&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/12\/illusory-systems-settles-with-ftc-over-2022-cryptocurrency-hack-2.jpg 5184w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/12\/illusory-systems-settles-with-ftc-over-2022-cryptocurrency-hack-2.jpg?resize=300,168 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/12\/illusory-systems-settles-with-ftc-over-2022-cryptocurrency-hack-2.jpg?resize=768,432 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/12\/illusory-systems-settles-with-ftc-over-2022-cryptocurrency-hack-2.jpg?resize=1024,576 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/12\/illusory-systems-settles-with-ftc-over-2022-cryptocurrency-hack-2.jpg?resize=1536,864 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/12\/illusory-systems-settles-with-ftc-over-2022-cryptocurrency-hack-2.jpg?resize=2048,1152 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/12\/illusory-systems-settles-with-ftc-over-2022-cryptocurrency-hack-2.jpg?resize=600,337 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/12\/illusory-systems-settles-with-ftc-over-2022-cryptocurrency-hack-2.jpg?resize=1200,675 1200w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/12\/illusory-systems-settles-with-ftc-over-2022-cryptocurrency-hack-2.jpg?resize=1500,843 1500w\" sizes=\"(max-width: 1200px) 100vw, 1200px\"><figcaption> FTC building (John Taylor\/Flickr) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"48.960980036298\"><body readability=\"99\"><\/p>\n<p>The Federal Trade Commission is ordering a company that publicly touted its cybersecurity capabilities to return recovered funds to victims and implement security reforms, after a software flaw let hackers steal hundreds of millions of dollars in cryptocurrencies from users.<\/p>\n<p>The FTC announced it had reached a settlement with Illusory Systems, which also does business as Nomad, following an investigation into a 2022 incident where hackers exploited a vulnerability in the company\u2019s Token Bridge cryptocurrency smart contract solution. The program provides protocols that connect different blockchains and allow users to transfer assets between them.<\/p>\n<p>As part of the deal, the company must implement a comprehensive cybersecurity plan, including addressing security flaws identified in the FTC\u2019s complaint and programs for protecting consumers from theft and fraud. It must also submit the plan and cooperate with independent third-party assessors on any improvements and return stolen money clawed back by law enforcement.<\/p>\n<p>\u201cThe FTC Act requires companies to take reasonable security measures,\u201d said Christopher Mufarrige, Director of the FTC\u2019s Bureau of Consumer Protection, in a statement. \u201cIt\u2019s important that companies live up to their security promises to consumers.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>According to an FTC complaint, in June 2022, Illusory Systems introduced \u201cnew, inadequately tested code\u201d for Token Bridge, its set of cryptocurrency smart contracts, following a security audit.<\/p>\n<p>Just one month later, malicious hackers used the flaw to steal $186 million from users in cryptocurrency funds. White hat hackers were able to use the same exploit to safeguard at least $37 million of the stolen funds before hackers could drain them, and the agreement directs Illusory Systems to return that money to users. <\/p>\n<p>The FTC focused on how Illusory Systems presented its Token Bridge network to customers, charging the company with materially misrepresenting its commitment to security to users.<\/p>\n<p>At different points the company advertised the smart contract solution as \u201chigh security,\u201d a \u201csecurity first\u201d solution that \u201cprioritizes the safety and security of the funds\/cross chain messages\u201d and something that would \u201ckeep the entire system (and your funds\/messages) safe.\u201d<\/p>\n<p>Another message simply stated: \u201cWe\u2019re secure\u2026period.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>But the FTC\u2019s investigation found that Illusory Systems had failed to put in place reasonable and appropriate security practices..<\/p>\n<p>Despite knowing that cross-chain bridges like Token Bridge were targeted by hackers and could result in \u201ccatastrophic loss\u201d if compromised, developers failed to implement \u201cwell known secure coding practices, such as writing and conducting adequate unit tests prior to pushing code to production.\u201d<\/p>\n<p>In fact, company software engineers and a post-incident analysis revealed that most testing of Token Bridge focused on making sure it functioned properly, rather than verifying that it was secure.<\/p>\n<p>According to the commission, Illusory Systems lacked adequate security staff, clear vulnerability reporting and response processes, a written security plan, and \u201cwidely accepted industry norms\u201d such as circuit breakers or a \u201ckill switch\u201d that could halt suspicious financial transactions.<\/p>\n<p>Compounding matters, the company lacked automated fraud monitoring, so it learned about the breach from a user on social media instead of detecting it internally.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Staff scrambled to respond to the hack, even relying on an engineer on a flight to relay code snippets via an online chat. The delays meant security staff were \u201cunable to shut down the bridge until after it had been emptied of assets.\u201d<\/p>\n<p>Months before the hack, an engineer warned the CEO about weak code testing and quality assurance noting that the company had previously shipped code with a significant vulnerability because it wasn\u2019t properly tested.<\/p>\n<p>The investigation also revealed that despite promising to keep customers\u2019 funds secure, the company previously overrode internal efforts to reimburse users who lost money when a bug in the web-based Token Bridge interface caused losses. <\/p>\n<p>In one instance the chief operating officer reportedly said \u201cthere are no guarantees of safety\u201d and the CEO noted that Illusory Systems was \u201cputting out a free-to-use interface to a protocol that may have bugs\/issues.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.6022099447514\">\n<div class=\"author-card\" readability=\"13\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/12\/illusory-systems-settles-with-ftc-over-2022-cryptocurrency-hack-1.jpg?w=640&ssl=1\" alt=\"Derek B. Johnson\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Derek B. Johnson<\/h4>\n<p> Derek B. Johnson is a reporter at CyberScoop, where his beat includes cybersecurity, elections and the federal government. Prior to that, he has provided award-winning coverage of cybersecurity news across the public and private sectors for various publications since 2017. Derek has a bachelor\u2019s degree in print journalism from Hofstra University in New York and a master\u2019s degree in public policy from George Mason University in Virginia. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/ftc-settles-with-illusory-systems-in-2022-cryptocurrency-hack\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Illusory Systems settles with FTC over 2022 cryptocurrency hack |<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[337,78,458,117,2793],"tags":[340,86,460,119,2794],"class_list":["post-8210","post","type-post","status-publish","format-standard","hentry","category-cryptocurrency","category-cybersecurity","category-federal-trade-commission-ftc","category-government","category-regulators","tag-cryptocurrency","tag-cybersecurity","tag-federal-trade-commission-ftc","tag-government","tag-regulators"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cryptocurrency\/\" rel=\"category tag\">cryptocurrency<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/federal-trade-commission-ftc\/\" rel=\"category tag\">Federal Trade Commission (FTC)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/government\/\" rel=\"category tag\">Government<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/regulators\/\" rel=\"category tag\">regulators<\/a>","tag_info":"regulators","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8210","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=8210"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8210\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=8210"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=8210"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=8210"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":8210,"date":"2025-12-16T17:46:30","date_gmt":"2025-12-16T23:46:30","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=87182"},"modified":"2025-12-16T17:46:30","modified_gmt":"2025-12-16T23:46:30","slug":"illusory-systems-settles-with-ftc-over-2022-cryptocurrency-hack","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/12\/16\/illusory-systems-settles-with-ftc-over-2022-cryptocurrency-hack\/","title":{"rendered":"Illusory Systems settles with FTC over 2022 cryptocurrency hack"},"content":{"rendered":"