Shakeeb Ahmed used his skills in reverse engineering smart contracts and blockchain audits for exploitation.
A former security engineer, Shakeeb Ahmed, has been sentenced to three years in prison for hacking into two decentralized crypto exchanges (DEXs) and stealing crypto assets worth over $12 million. The sentence marks the first-ever U.S. conviction for hacking a smart contract.
Damian Williams, the United States Attorney for the Southern District of New York, announced the sentence, and U.S. District Judge Victor Marrero passed judgment.
According to court documents, Ahmed used an advanced hacking strategy to exploit vulnerabilities in the exchange’s security systems, allowing unauthorized access to sensitive user data and digital assets.
On July 2 and 3, 2022, the former security officer used fake pricing data to generate roughly $9 million worth of inflated fees, then withdrew the fees as crypto. After stealing the fees, he contacted the crypto exchange and agreed to return all the stolen funds except for $1.5 million, but only if the exchange decided not to report the attack to authorities.
Nirvana Fund Launder
On July 28, 2022, Ahmed attacked a second DEX called “Nirvana” Finance. The ex-security officer used an exploit he discovered in Nirvana’s smart contracts that enabled him to buy digital assets at a lower price than the contract was designed to permit.
After the exploit, Nirvana offered Ahmed a whopping $600,000 in exchange for returning the stolen funds. Still, he demanded $1.4 million instead, resulting in $3.6 million in stolen funds belonging to the exchange. As a result of the attack, Nirvana shut down shortly afterward.
Additionally, Ahmed laundered the funds he stole from the crypto exchange and Nirvana to hide their sources and ownership, using advanced techniques such as token-swap transactions.
Hiding the Money
Subsequently, he divided fraud proceeds from the Solana and Ethereum blockchains and exchanged them into Monero, an anonymized cryptocurrency that is difficult to trace.
At the time of the attack, Ahmed was a senior security engineer for an international technology firm. He was skilled in reverse engineering smart contracts and blockchain audits, which he used to execute the hacks.
The case is being prosecuted by the office’s Illicit Finance and Money Laundering Unit and Complex Fraud and Cyber Unit.