Former Security Specialist Sentenced to 3 Years in Prison for Stealing $12.3 Million from Cryptocurrency Exchange

75 views 12:59 pm 0 Comments May 20, 2024

A former security engineer in the U.S. has been handed a three-year prison sentence for his involvement in the hacking of two decentralized cryptocurrency exchanges back in July 2022, resulting in the theft of over $12.3 million.

The individual at the center of the case, Shakeeb Ahmed, admitted to a single count of computer fraud in December 2023 after being apprehended in July.

According to the U.S. Department of Justice (DoJ), Ahmed, a U.S. citizen residing in Manhattan, New York, was working as a senior security engineer for an undisclosed international technology company at the time of the incidents. His expertise included skills such as reverse engineering smart contracts and conducting blockchain audits, which were instrumental in carrying out the hacks.

Court records revealed that Ahmed exploited a vulnerability in the smart contracts of an unnamed cryptocurrency exchange to manipulate pricing data and illicitly generate inflated fees, allowing him to withdraw substantial sums of money.

Following the breach, Ahmed contacted the exchange with an offer to return most of the stolen funds, withholding $1.5 million on the condition that the exchange refrained from involving law enforcement in the investigation of the flash loan attack.

It is noteworthy that in early July 2022, CoinDesk reported an incident where an unidentified individual returned over \(8 million to Crema Finance, a Solana-based crypto exchange, while retaining \)1.68 million as a “white hat” reward.

Additionally, Ahmed stands accused of orchestrating an attack on another decentralized cryptocurrency exchange named Nirvana Finance, where he siphoned $3.6 million, leading to the platform’s closure.

“By exploiting a vulnerability in Nirvana’s smart contracts, Ahmed managed to purchase cryptocurrency at a lower price than intended and subsequently resell it to the exchange at a higher rate,” stated the DoJ.

Despite Nirvana’s offer of a bug bounty amounting to 600,000 for the return of the stolen assets, Ahmed demanded 1.4 million, failing to reach an agreement and retaining all the embezzled funds.

To conceal his illicit activities, Ahmed laundered the stolen funds through cross-chain bridges, transferring the digital assets from Solana to Ethereum, and converting the proceeds into Monero using platforms like Samourai Whirlpool.

In addition to the prison sentence, Ahmed has been mandated to serve three years of supervised release, forfeit around 12.3 million, and compensate the affected cryptocurrency exchanges with over 5 million in restitution.

If you found this article intriguing, stay updated by following us on Twitter and LinkedIn for more exclusive content.