In a recent legal development, former Amazon security engineer Shakeeb Ahmed has entered a guilty plea for his involvement in a hacking incident that resulted in the misappropriation of over $12.3 million from two cryptocurrency exchanges back in July 2022.
The affected entities include Nirvana Finance, a decentralized crypto exchange, and an unnamed exchange operating on the Solana blockchain platform. Ahmed, leveraging his skills in blockchain audit and smart contract reverse engineering, successfully breached the security of the latter.
The initial target of Ahmed’s hacking endeavors was an undisclosed cryptocurrency exchange. Employing his expertise, he manipulated a smart contract to introduce false pricing data, resulting in the generation of inflated fees amounting to around $9 million. Subsequently, Ahmed withdrew the funds and proposed returning all but $1.5 million, contingent upon the exchange refraining from involving law enforcement.
While the Justice Department did not explicitly name the affected exchange, the details of the attack align with a July 2022 breach that impacted the Crema Finance decentralized finance (DeFi) platform.
Following this initial exploit, Ahmed turned his attention to Nirvana Finance. Exploiting a smart contract loophole within the DeFi protocol, he executed a flash loan of ANA cryptocurrency tokens at a lower price and then sold them back at a higher rate, resulting in a profit of approximately $3.6 million.
Despite a $300,000 bounty offered for the return of the pilfered crypto assets, Ahmed retained the entire sum, which represented all the funds owned by Nirvana Finance. He demanded $1.4 million and, failing to reach an agreement, compelled the exchange to shut down.
In an attempt to escape capture and obscure the digital trail of the embezzled funds, Shakeeb Ahmed employed various cryptocurrency mixers, such as Samourai Whirlpool, and utilized both the Solana and Ethereum blockchains. Additionally, he turned to foreign exchanges to convert the millions he had stolen into Monero, a cryptocurrency known for its heightened privacy and anonymity features.
Wary of potential apprehension, Ahmed actively sought methods to avoid detection and extradition. Online evidence revealed his interest in strategies to flee the United States, evade asset seizures, and obtain citizenship in different countries, clearly indicating his intention to evade legal consequences for his actions.
U.S. Attorney Damian Williams remarked on Thursday, “Five months ago, my Office announced the first-ever arrest involving an attack on a smart contract. Today, senior security engineer Shakeeb Ahmed pled guilty and agreed to return all of the stolen crypto to his victims. That arrest is now the first-ever conviction for such a hack.”
Williams added, “Ahmed’s plea has also resulted in him further admitting that he carried out a previously unsolved second multi-million-dollar hack, this time of decentralized finance protocol Nirvana Finance. In total, Ahmed used his technical knowhow to steal over $12 million and tried to cover his tracks by swapping stolen crypto for Monero, using cryptocurrency mixers, hopping across blockchains, and utilizing overseas crypto exchanges.”
Ahmed entered a guilty plea for a single computer fraud charge, an offense carrying a maximum imprisonment term of five years. Moreover, he committed to compensating his victims with a sum totaling $5,071,074.23.
As part of the legal consequences, Ahmed will forfeit over $12.3 million, including approximately $5.6 million worth of fraudulently obtained cryptocurrency. The sentencing is scheduled for March 13, 2024, to be decided by United States District Judge Victor Marrero.