Former Amazon software engineer Shakib Ahmed has been sentenced to three years in prison for abusing smart contracts.
A breach in 2022 resulted in the theft of over $12 million in various cryptocurrencies. This case was the first judgment in history for a cyber attack on a smart contract.
Mr. Ahmed admitted to manipulating smart contracts in December 2023. By inserting fraudulent pricing data into the platform's contracts, the engineers generated approximately $12 million in unearned profits, which they then extracted as cryptocurrency.
Prosecutors chose not to disclose one of the affected platforms, but evidence in the indictment suggests it was Crema Finance. Another platform involved was Nirvana Finance, which ceased operations following the July 2022 hack.
Before the incident, Mr. Ahmed led Amazon's bug bounty program, identifying and fixing security loopholes in its software. Prosecutors had recommended a four-year prison term, emphasizing the novelty of the case, which involved the hacking of smart contracts.
They acknowledged Mr. Ahmed's cooperation and the return of most of the stolen funds, but stressed the need for his imprisonment to act as a deterrent and highlight the seriousness of his crimes.
On the other hand, Ahmed's defense team argued that Ahmed's mental state was deteriorating at the time of the hack, and that the stolen funds were largely untouched except to cover the medical expenses of his relatives. He insisted on probation instead. Mr. Ahmed, from Saudi Arabia, had his defense team plead for leniency on the following grounds:
