Security engineer guilty of hacking cryptocurrency exchanges


A senior security engineer has been found guilty of multiple attacks on decentralized cryptocurrency exchanges, stealing over $12 million in cryptocurrency in the process.

Shakeeb Ahmed was sentenced in what US Attorney Damian Williams calls “the first-ever conviction for the hack of a smart contract.”

Between July 2nd and 3rd, 2022, Ahmed facilitated an attack on a decentralized cryptocurrency exchange known as the “Crypto Exchange,” where he used “false pricing data to generate roughly $9 million worth of inflated fees.” He subsequently withdrew these fees in the form of cryptocurrency, the press release reads.

ADVERTISEMENT

Once orchestrated, Ahmed agreed with individuals at the Cryptocurrency Exchange to return the stolen funds, “except $1.5 million,” if they didn’t involve law enforcement.

This was the first attack that the perpetrator had carried out on a decentralized cryptocurrency platform.

The second attack occurred a few weeks after the initial attack on the Crypto Exchange. The victims were Nirvana Finance (Nirvana), another decentralized cryptocurrency exchange.

Ahmed “used an exploit he discovered in Nirvana’s smart contracts,” which enabled him to purchase cryptocurrency from the exchange “at a lower price than the contract was designed to allow.”

Once purchased, he resold the currency to Nirvana at a higher price than originally purchased. The exchange offered Ahmed a “bug bounty” of $600,000 in exchange for the stolen cryptocurrency.

However, Ahmed “demanded $1.4 million,” this agreement was not met and the perpetrator kept the stolen funds. Nirvana subsequently shut down after Ahmed’s attack as the $3.6 million he stole “represented approximately all the funds possessed by Nirvana.”

Once all of these funds were illegitimately acquired, Ahmed laundered the currency he had stolen from both decentralized cryptocurrency exchanges using “sophisticated techniques.”

These included “token-swap transactions; “bridging” fraud proceeds from the Solana blockchain over to the Ethereum blockchain; exchanging fraud proceeds into Monero, an anonymized cryptocurrency that’s particularly difficult to trace; using overseas cryptocurrency exchanges; and using cryptocurrency mixers, such as Samourai Whirlpool.”

ADVERTISEMENT

Ahmed has been sentenced to three years imprisonment, three years of supervised release, and was ordered to “forfeit approximately $12.3 million” alongside a significant amount of cryptocurrency and pay restitution to the Crypto Exchange and Nirvana – the amount is over $5 million.