A former security engineer was sentenced to three years in prison in the United States in July 2022 for hacking two decentralized cryptocurrency exchanges and stealing more than $12.3 million.
The defendant in question, Shakib Ahmed, pleaded guilty to one count of computer fraud in December 2023 after his arrest in July.
“At the time of both attacks, Ahmed, an American citizen, was a senior security engineer at an international technology company, and his resume reflects skills in reverse engineering smart contracts and blockchain auditing, among other things. These are some of the skills used to carry out the hack,” the US Department of Justice (DoJ) noted at the time.
Before his arrest, he lived in Manhattan, New York, and worked for Amazon, although the name of the company has not been released.
According to court documents, Ahmed exploited a security flaw in an unnamed cryptocurrency exchange's smart contract to insert “false pricing data” and “fraudulently collect millions of dollars worth of inflated fees,” which he was then able to withdraw.
He then began contacting the company and agreed to return most of the funds, except for $1.5 million, if the exchange agreed not to report the flash loan attack to law enforcement.
It is worth noting that CoinDesk reported in early July 2022 that an unknown attacker who had stolen $8 million worth of cryptocurrencies from a Solana-based company called Crema Finance had returned it to the exchange, while keeping $1.68 million as a “white hat” bounty.
Ahmed is also accused of carrying out an attack on a second decentralized cryptocurrency exchange called Nirvana Finance, siphoning off $3.6 million in the process and ultimately leading to the exchange's closure.
“Ahmed used an exploit he discovered within Nirvana's smart contracts to enable him to purchase virtual currency from Nirvana at a price lower than the price specified in the contract,” the Justice Department said.
“He then immediately resold the cryptocurrency to Nirvana at a high price. Nirvana offered Ahmed a $600,000 ‘bug bounty’ to return the stolen funds, but Ahmed instead demanded $1.4 million and, unable to come to an agreement with Nirvana, kept the entire amount of stolen funds.”
The defendant then laundered the stolen funds, moving the illicit digital assets from Solana to Ethereum using cross-chain bridges to cover his tracks, and exchanged the proceeds for Monero using mixers like Samourai Whirlpool.
In addition to three years in prison, Mr. Ahmed was sentenced to three years of supervised release and ordered to forfeit approximately $12.3 million and pay more than $5 million in restitution to both affected cryptocurrency exchanges.