Ahmed's case is the first of its kind that the U.S. Attorney's Office has faced.
Shakib Ahmed, a New Yorker, was sentenced to 3 years in prison for hacking two crypto exchanges and stealing more than $5 million worth of cryptocurrencies. According to the prosecutor's office, this is the first case of a conviction for hacking a smart contract.
Ahmed attacked the first cryptocurrency exchange on July 2 and 3, 2022, using fake price data to generate approximately $9 million. in the form of inflated commissions, which were then withdrawn in cryptocurrency. After the theft, Ahmed offered the exchange to return the stolen funds, with the exception of $1.7 million, if the crypto exchange does not report the attack to law enforcement agencies. The hacker managed to get $1.7 million as a reward. The remaining $7.3 million was returned to the platform.
While prosecutors did not specify which exchange was the victim of the attack, news site CoinDesk reported that the description and date of the attack correspond to the attack on Crema Finance, a Solana-based exchange that occurred in early July 2022. It is these dates that appear in the indictment.
A few weeks later, on July 28, Ahmed attacked a second exchange, Nirvana Finance, using a vulnerability he found in smart contracts to buy cryptocurrency at a low price and then resell it at an inflated price. Nirvana offered Ahmed a reward of up to $600,000 for a refund, but Ahmed demanded $1.4 million and, without reaching an agreement with the platform, kept the stolen $3.6 million, which led to the closure of the exchange.
To hide the origin of the stolen funds, Ahmed used sophisticated methods, including token exchanges, moving funds between blockchains (from Solana to Ethereum), using anonymous cryptocurrencies (Monero) and cryptocurrency mixers (Samourai Whirlpool). Despite all attempts to conceal the source of funds, the criminal was exposed.
At the time of both attacks, the US citizen was a senior security engineer at an international technology company, whose resume reflected skills in, among other things, smart contract reverse engineering and blockchain auditing, which are among the specialized skills for performing hacks.
The documents of the Ministry of Justice do not specify where exactly Ahmed worked, but in his LinkedIn profile*, Amazon is indicated as the place of work. Upon official media inquiries, Amazon representatives confirmed the information, but said that Ahmed no longer works for the company.
It should be noted that in December 2023, Shakib Ahmed pleaded guilty to hacking two decentralized crypto exchanges and stealing digital assets worth more than $5 million. In addition to the prison term, Ahmed faces 3 years of probation. Also, the criminal must pay compensation to exchanges in excess of $5 million.
Shakib Ahmed, a New Yorker, was sentenced to 3 years in prison for hacking two crypto exchanges and stealing more than $5 million worth of cryptocurrencies. According to the prosecutor's office, this is the first case of a conviction for hacking a smart contract.
Ahmed attacked the first cryptocurrency exchange on July 2 and 3, 2022, using fake price data to generate approximately $9 million. in the form of inflated commissions, which were then withdrawn in cryptocurrency. After the theft, Ahmed offered the exchange to return the stolen funds, with the exception of $1.7 million, if the crypto exchange does not report the attack to law enforcement agencies. The hacker managed to get $1.7 million as a reward. The remaining $7.3 million was returned to the platform.
While prosecutors did not specify which exchange was the victim of the attack, news site CoinDesk reported that the description and date of the attack correspond to the attack on Crema Finance, a Solana-based exchange that occurred in early July 2022. It is these dates that appear in the indictment.
A few weeks later, on July 28, Ahmed attacked a second exchange, Nirvana Finance, using a vulnerability he found in smart contracts to buy cryptocurrency at a low price and then resell it at an inflated price. Nirvana offered Ahmed a reward of up to $600,000 for a refund, but Ahmed demanded $1.4 million and, without reaching an agreement with the platform, kept the stolen $3.6 million, which led to the closure of the exchange.
To hide the origin of the stolen funds, Ahmed used sophisticated methods, including token exchanges, moving funds between blockchains (from Solana to Ethereum), using anonymous cryptocurrencies (Monero) and cryptocurrency mixers (Samourai Whirlpool). Despite all attempts to conceal the source of funds, the criminal was exposed.
At the time of both attacks, the US citizen was a senior security engineer at an international technology company, whose resume reflected skills in, among other things, smart contract reverse engineering and blockchain auditing, which are among the specialized skills for performing hacks.
The documents of the Ministry of Justice do not specify where exactly Ahmed worked, but in his LinkedIn profile*, Amazon is indicated as the place of work. Upon official media inquiries, Amazon representatives confirmed the information, but said that Ahmed no longer works for the company.
It should be noted that in December 2023, Shakib Ahmed pleaded guilty to hacking two decentralized crypto exchanges and stealing digital assets worth more than $5 million. In addition to the prison term, Ahmed faces 3 years of probation. Also, the criminal must pay compensation to exchanges in excess of $5 million.
