A former security engineer at an international technology company has pleaded guilty in federal court to hacking two decentralized cryptocurrency exchanges.
Thanks to these hacks in July 2022, American citizen Shakeeb Ahmed, 34, illegally obtained more than 12 million dollars, according to the US Department of Justice. Ahmed agreed to forfeit these funds, including more than $5 million in restitution to victims. He faces a maximum sentence of five years in prison.
Ahmed exploited vulnerabilities in the smart contracts of the two exchanges: one called Nirvana Finance and another unspecified exchange based on the Solana currency. Smart contracts are digital agreements with the terms of the contract written directly into the code. Decentralized exchanges allow people to trade cryptocurrencies directly, peer-to-peer, with an intermediary.
Ahmed’s case is the first-ever conviction involving an attack on a smart contract, said Damian Williams, U.S. Attorney for the Southern District of New York.
In his first attack against the anonymous crypto exchange, Ahmed exploited a vulnerability in one of its smart contracts by inserting false pricing data, causing the contract to generate approximately $9 million in inflated fees.
After removing these fees, Ahmed agreed to return all but $1.5 million of the stolen funds if the crypto exchange agreed not to refer the attack to law enforcement.
Although the targeted platform has not been named, several cryptocurrency experts have already linked Ahmed’s previous indictment to the July 2022 attack. on Crema Financewhere approximately $9 million in cryptocurrency was stolen.
Weeks after his first hack, Ahmed also targeted Nirvana Finance by using an exploit in its smart contract to buy the platform’s crypto token at a low price and sell it back to the platform at a high price. In this way, he obtained approximately $3.6 million in illegal profits, almost all of the funds owned by the exchange.
Nirvana offered him a bonus up to $600,000, but Ahmed demanded more. As no agreement was reached, Ahmed kept all the stolen funds, leading to the closure of the platform.
In a statement On Friday, Nirvana Finance said that if Ahmed returned the stolen money, the money would be distributed to those affected by the hack based on their exposure at the time of the theft.
At the time of the two attacks, Ahmed was working for a technology company in New York. Prosecutors did not name the company, but TechCrunch reported in July that he was an Amazon employee at one point. His resume indicated that he was well versed in smart contract reverse engineering and blockchain audits – skills he used to execute the hacks.
After the thefts, Ahmed attempted to cover his tracks by exchanging the stolen money for Monero, a cryptocurrency designed to provide enhanced privacy and anonymity to its users, making transactions difficult to trace. He also used cryptocurrency mixers, switched between different blockchains, and used overseas crypto exchanges.
Worried about getting caught, he considered leaving the U.S. police force and found he was searching online for information about his hacks, as well as on websites related to his ability to flee the United States, avoid the extradition and to keep his stolen cryptocurrency.
For example, he searched for terms like “can I cross the border with crypto,” “how to stop the federal government from seizing assets,” and “buy citizenship.” He also visited a website titled “16 Countries Where Your Investments Can Buy Citizenship.”
Future saved
Intelligence cloud.
No previous articles
No new articles
Daryna Antoniuk is a freelance journalist for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe, and the state of the Ukraine-Russia cyberwar. She was previously a tech journalist for Forbes Ukraine. His work has also been published in Sifted, The Kyiv Independent and The Kyiv Post.