Shakeeb Ahmed, a former security engineer at Amazon, pleaded guilty to charges of hacking and stealing more than $12.3 million from two crypto exchanges in July 2022. This high-profile cybercrime incident, according to a BleepingComputer report, sent shockwaves through the cryptocurrency community, highlighting the vulnerabilities of decentralized finance platforms.
The two exchanges that fell victim to Ahmed’s sophisticated hacking skills were Nirvana Finance, a decentralized crypto exchange, and an unnamed exchange operating on the Solana blockchain platform. Using his expertise in blockchain auditing and reverse engineering of smart contracts, Ahmed orchestrated a complex scheme to manipulate and exploit these platforms.
Ahmed’s first target was the undisclosed crypto exchange on the Solana blockchain. He manipulated a smart contract to introduce false pricing data, resulting in approximately $9 million in inflated fees. After withdrawing these funds, Ahmed brazenly offered to return the stolen amount, less $1.5 million, on the condition that the exchange did not involve law enforcement. This attack is very similar to the breach that impacted the decentralized financial platform Crema Finance in July 2022.
Following this first hack, Ahmed turned to Nirvana Finance. He exploited a loophole in the DeFi protocol’s smart contract, taking out a flash loan of ANA cryptocurrency tokens at a low price and reselling them at a higher rate. This maneuver earned him approximately $3.6 million. Despite being offered a $300,000 bounty to return the stolen assets, Ahmed refused, demanding $1.4 million, ultimately leading to the closure of Nirvana Finance after no deal was reached.
Avoiding Capture and Concealing the Cryptocurrency Heist
In an effort to evade capture and hide the digital trail of his illicit gains, Ahmed employed a variety of tactics. He used cryptocurrency mixers including Samourai Whirlpool and moved funds through the Solana and Ethereum blockchains. He also used foreign exchanges to convert the stolen millions into Monero, a cryptocurrency popular for its enhanced privacy features.
Ahmed’s online activities revealed his intention to flee the United States and avoid legal consequences. He studied strategies to thwart asset seizures, obtain citizenship in different countries and evade extradition, indicating a clear plan to evade justice.
U.S. Attorney Damian Williams commented on the case, saying: “Five months ago, my office announced the first-ever arrest involving a smart contract attack. Today, Senior Security Engineer Shakeeb Ahmed pleaded guilty and agreed to return all stolen cryptocurrencies to his victims. This arrest is now the very first conviction for such hacking.”
Ahmed’s guilty plea to a single computer fraud charge carries a maximum prison sentence of five years. He agreed to compensate his victims with a sum totaling $5,071,074.23 and will forfeit more than $12.3 million, including approximately $5.6 million in fraudulently obtained cryptocurrency. His sentencing is scheduled for March 13, 2024, before United States District Judge Victor Marrero.
This case is a stark reminder of the ongoing security challenges facing the cryptocurrency industry and the need for robust protection measures against such sophisticated cyberattacks.