Former Security Engineer Pleads Guilty to Hacking Decentralized Crypto Exchanges

Shakeeb Ahmed, a former senior security engineer for an international technology company, has made history by becoming the first individual to be convicted for hacking a smart contract. Ahmed pleaded guilty to computer fraud in connection with his attacks on two separate decentralized cryptocurrency exchanges, one of which was Nirvana Finance. His guilty plea was entered before U.S. Magistrate Judge Ona T. Wang, and he agreed to forfeit over $12.3 million, including approximately $5.6 million in fraudulently obtained cryptocurrency.

Damian Williams, the United States Attorney for the Southern District of New York, announced the guilty plea, marking a significant milestone in the legal actions against cybercrimes in the decentralized finance (DeFi) space. Ahmed’s case is particularly notable for being the first conviction of its kind, involving a smart contract hack.

Details of the sophisticated hacks

In July 2022, Ahmed executed his sophisticated hacks on two decentralized cryptocurrency exchanges. The first hack targeted an unnamed crypto exchange, where he exploited a vulnerability in the exchange’s smart contract and fraudulently generated approximately $9 million worth of inflated fees. He later negotiated with the exchange to return the stolen funds except for $1.5 million, contingent on the exchange refraining from reporting the attack to law enforcement.

Ahmed’s second attack was on Nirvana Finance, where he took out a flash loan for about $10 million and exploited Nirvana’s smart contract to make a substantial profit. His manipulation of the ANA token’s price resulted in him profiting approximately $3.6 million, effectively draining Nirvana of its funds and leading to its shutdown.

Ahmed’s laundering techniques and online searches

Post-hack, Ahmed engaged in various sophisticated methods to launder the stolen millions and conceal their source and ownership. His techniques included token-swap transactions, bridging fraud proceeds across blockchains, converting stolen assets into Monero (a cryptocurrency known for its anonymizing features), and using overseas cryptocurrency exchanges and mixers.

Additionally, Ahmed’s internet search history post-attacks revealed his awareness of potential criminal liability. He searched for terms related to DeFi hacks, prosecution of such crimes, wire fraud, evidence laundering, and even explored options for fleeing the U.S. and avoiding extradition.

Sentencing and acknowledgment of investigative Efforts

Ahmed, 34, from New York, New York, faces a maximum sentence of five years in prison. He is also required to pay restitution totaling over $5 million to his victims. The sentencing is scheduled for March 13, 2024, and will be determined by United States District Judge Victor Marrero.

U.S. Attorney Damian Williams commended the outstanding work of Homeland Security Investigations and the Internal Revenue Service – Criminal Investigation in the case. He also extended gratitude to the U.S. Attorney’s Office for the Southern District of California for its assistance.

The case, prosecuted by the Office’s Money Laundering & Transnational Criminal Enterprises Unit and Complex Frauds & Cybercrime Unit, represents a significant development in the fight against cybercrimes in the DeFi sector. Assistant U.S. Attorneys David R. Felton and Kevin Mead are leading the prosecution, setting a precedent for future cases in the rapidly evolving digital landscape.

Conclusion

Shakeeb Ahmed’s guilty plea in the groundbreaking case of hacking decentralized cryptocurrency exchanges signifies a pivotal moment in the legal realm of cybersecurity and DeFi. His conviction for the smart contract hack and the subsequent forfeiture of over $12.3 million serve as a stern warning against such cybercrimes, highlighting the evolving challenges and the legal system’s increasing capability to address and penalize sophisticated digital financial crimes.

Source: https://www.cryptopolitan.com/former-security-engineer-guilty-hacking/