A security engineer who specialized in reverse engineering smart contracts and blockchain audits will spend three years behind bars for hacking two decentralized cryptocurrency exchanges and stealing $12 million in digital coin.
In 2022, New York City resident Shakeeb Ahmed was working as a senior security engineer for an unnamed international tech firm, specializing in reverse engineering smart contracts and blockchain audits. Ahmed decided to abuse his tech skills to get rich quick.
According to the US Department of Justice, the 34-year-old carried out an attack on an unnamed decentralized cryptocurrency exchange and used fake pricing data to generate approximately $9 million worth of inflated fees, then withdrew those fees in digital currency.
Reports say the victim company was Crema Finance, a Solana-based crypto exchange.
In communications with the exchange, Ahmed agreed to return the stolen funds, minus a $1.5 million “hacker’s fee,” if the company agreed not to report him to police. The firm declined, so Ahmed kept all the loot. At this point, however, he was on the police’s radar.
The police hadn’t yet arrested Ahmed when he went on to hack a second crypto exchange – Nirvana Finance. Ahmed exploited a weakness in Nirvana’s smart contracts to purchase cryptocurrency from the exchange at a lower price than the contract was designed to allow. He then immediately resold that cryptocurrency to Nirvana at a higher price.
Nirvana offered him a $600,000 “bug bounty” to return the stolen funds, but Ahmed instead demanded $1.4 million. He did not reach an agreement with Nirvana, and kept all the stolen funds.
Nirvana eventually went bankrupt as the $3.6 million Ahmed stole represented almost all of the company’s capital.
He then proceeded to launder the stolen funds using sophisticated techniques, including token-swap transactions; “bridging” fraud proceeds over to the Ethereum blockchain; exchanging fraud proceeds into the hard-to-trace Monero cryptocurrency; and using cryptocurrency mixers.
The New Yorker was sentenced last week to three years in prison, plus three more years of supervised release.
He was also ordered to forfeit approximately $12.3 million and a significant quantity of cryptocurrency and pay over $5 million in restitution to the Crypto Exchange and Nirvana.
It is not uncommon for hackers to demand a “fee” after hacking a crypto exchange and returning the funds. However, it seems this hacker was greedier than usual.
tags
Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.
View all postsSeptember 06, 2024
September 02, 2024
August 13, 2024
July 25, 2024