Shakeeb Ahmed, a former security engineer at Amazon, has pleaded responsible to costs of hacking and stealing over $12.3 million from two crypto exchanges in July 2022. This high-profile cybercrime incident, in accordance to BleepingComputer reporting, has despatched shockwaves by way of the cryptocurrency group, highlighting the vulnerabilities of decentralized finance platforms.
The two exchanges victimized by Ahmed’s subtle hacking abilities had been Nirvana Finance, a decentralized crypto alternate, and an unnamed alternate working on the Solana blockchain platform. Utilizing his experience in blockchain audit and good contract reverse engineering, Ahmed orchestrated a fancy scheme to manipulate and exploit these platforms.
Ahmed’s first goal was the undisclosed crypto alternate on the Solana blockchain. He manipulated a wise contract to introduce false pricing knowledge, which led to the technology of roughly $9 million in inflated charges. After withdrawing these funds, Ahmed openly supplied to return the stolen quantity, minus $1.5 million, on the situation that the alternate wouldn’t contain legislation enforcement. This assault carefully resembles the breach that impacted the Crema Finance decentralized finance platform in July 2022.
Following this preliminary hack, Ahmed turned his consideration to Nirvana Finance. He exploited a loophole in the DeFi protocol’s good contract, taking a flash mortgage of ANA cryptocurrency tokens at a low worth and promoting them again at the next fee. This maneuver netted him round $3.6 million. Despite being supplied a $300,000 bounty to return the stolen belongings, Ahmed refused, demanding $1.4 million and finally main to the shutdown of Nirvana Finance after no settlement was reached.
Evading seize and concealing the crypto heist
In an effort to evade seize and obscure the digital path of his illicit good points, Ahmed employed varied ways. He used cryptocurrency mixers, together with Samourai Whirlpool, and transferred funds throughout the Solana and Ethereum blockchains. He additionally used overseas exchanges to convert the stolen hundreds of thousands into Monero, a cryptocurrency favored for its enhanced privateness options.
Ahmed’s on-line actions revealed his intentions to flee the United States and keep away from authorized penalties. He researched methods to thwart asset seizures, safe citizenship in totally different international locations, and evade extradition, indicating a transparent plan to escape justice.
U.S. Attorney Damian Williams commented on the case, stating, “Five months ago, my Office announced the first-ever arrest involving an attack on a smart contract. Today, senior security engineer Shakeeb Ahmed pled guilty and agreed to return all of the stolen crypto to his victims. That arrest is now the first-ever conviction for such a hack.”
Ahmed’s responsible plea to a single laptop fraud cost carries a most imprisonment time period of 5 years. He has agreed to compensate his victims with a sum totaling $5,071,074.23 and can forfeit over $12.3 million, together with roughly $5.6 million price of fraudulently obtained cryptocurrency. His sentencing is scheduled for March 13, 2024, earlier than United States District Judge Victor Marrero.
This case serves as a stark reminder of the continuing security challenges confronted by the cryptocurrency {industry} and the necessity for sturdy protecting measures towards such subtle cyberattacks.
