Ex-Security Engineer Jailed for 3 Years in $12.3 Million Crypto Exchange Thefts

Apr 13, 2024NewsroomCryptocurrency / Regulatory Compliance

Crypto Exchange Thefts

You are a former security engineer sentenced up to three years in prison in the US for charges related to the hacking of two decentralized cryptocurrency exchanges in July 2022 and the theft of more than $12.3 million.

Shakeeb Ahmed, the accused in question, pleaded guilty on one count of computer fraud in December 2023 after his arrest in July.

“At the time of the two attacks, Ahmed, a US citizen, was a senior security engineer for an international technology company whose resume demonstrated skills in, among other things, reverse engineering smart contracts and blockchain audits, which are some of the special skills Ahmed used to execute the hacks,” the US Department of Justice (DoJ) said at the time.

Cybersecurity

While the name of the company is not disclosed, he lives in Manhattan, New York, and works for Amazon before he was arrested.

Court documents show that Ahmed exploited a security flaw in an unnamed cryptocurrency exchange’s contracts to insert “false pricing data to fraudulently generate millions of dollars in amount of inflated payment,” which he can withdraw.

Afterward, he initiated contact with the company and agreed to return most of the funds except for $1.5 million if the exchange agreed not to notify law enforcement about the flash loan attack.

It is worth noting that CoinDesk reported in early July 2022 that an unknown attacker returned more than $8 million worth of cryptocurrency to a Solana-based crypto exchange called Crema Finance, while keeping $1.68 million as a bounty ” white hat”.

Ahmed is also accused of carrying out an attack on a second decentralized cryptocurrency exchange called Nirvana Finance, wasting $3.6 million in the process, which ultimately led to its shutdown.

“Ahmed used an exploit he discovered in Nirvana’s smart contracts to allow him to purchase cryptocurrency from Nirvana at a lower price than the contract was designed for,” the DoJ said.

Cybersecurity

“He then immediately sold that cryptocurrency to Nirvana at a higher price. Nirvana offered Ahmed a ‘bug bounty’ of up to $600,000 to return the stolen funds, but Ahmed instead asked for $1.4 million, which was not forthcoming. in agreement with Nirvana, and kept all. the stolen funds.”

The accused then laundered the stolen funds to cover the trail using cross-chain bridges to transfer illicit digital assets from Solana to Ethereum and exchange the proceeds to Monero using mixers like Samourai Whirlpool.

In addition to the three years in prison, Ahmed was sentenced to three years of supervised release and was ordered to forfeit approximately $12.3 million and pay restitution totaling more than $5 million to similarly affected exchanges in crypto.

Did you find this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Leave a comment