CarderPlanet
Professional
- Messages
- 2,549
- Reaction score
- 730
- Points
- 113
The former Amazon security specialist was extremely careless in his search queries, which led to his arrest.
An American cybersecurity specialist is accused of hacking a crypto exchange and stealing about $ 9 million worth of cryptocurrencies. Apparently, the white hacker turned black, but played his law-abiding role until the very end.
Yesterday, the U.S. Attorney's Office for the Southern District of New York charged Shakib Ahmed, 34, a former senior security engineer at an international technology company, with theft and money laundering on a particularly large scale.
The resume of the specialist reflects the skills, among other things, of reverse engineering smart contracts and auditing the blockchain, which are very specialized and could have been used by Ahmed in malicious activities.
The Ministry of Justice documents do not specify where exactly Ahmed worked, but his LinkedIn profile lists Amazon as the place of work. Upon official media inquiries, Amazon representatives confirmed the information, but said that Ahmed no longer works for the company.
While prosecutors did not specify which exchange was the victim of the attack, cryptocurrency news site CoinDesk reported that the description and date of the attack correspond to the attack on Crema Finance, a Solana-based exchange that occurred in early July 2022. It is these dates that appear in the indictment of a former Amazon security specialist.
Reportedly, after stealing $ 9 million worth of cryptocurrency, the hacker returned most of it back to the crypto exchange as a result of a certain agreement. In particular, Ahmed offered to keep "only" 1.5 million for "providing pentest services", and return the remaining 7.5 million to the exchange if it agrees not to transfer information about the attack to law enforcement agencies.
This is a very common practice in the world of cryptocurrencies. Hackers often negotiate with representatives of crypto exchanges about such things, and cornered representatives of such platforms, as a rule, have nowhere to go, and they go to the hackers ' terms. However, as this case clearly demonstrates, the return of part of the crypto mining does not mean that the attacked company will not contact the relevant authorities.
"Ahmed used his computer security engineering skills to steal millions of dollars. Then he allegedly tried to hide the stolen funds, but his skills could not match the skills of the Internal Revenue Service's Cybercrime Criminal Investigation Unit, " Special Agent Tyler Hatcher, who works in the Internal Revenue Service's criminal investigation Division, proudly states.
According to the indictment, Ahmed allegedly exploited a vulnerability on the exchange and inserted "fake price data to fraudulently generate millions of dollars worth of inflated commissions that he didn't actually earn, but was still able to withdraw."
Then, according to the feds, Ahmed allegedly laundered the stolen cryptocurrency "through a series of transactions" such as a token exchange, a" transfer " of proceeds from the Solana blockchain to the Ethereum blockchain, and others.
Later, Ahmed reportedly searched the Internet for information about the hacker attack, "his criminal responsibility," lawyers who had experience in such cases, the possibility of investigating such an attack by law enforcement agencies, and "fleeing the United States to avoid criminal charges."
It is quite possible that the hacker would not have been able to get out if he had been more careful in his search queries. Meanwhile, each of the charges against the man carries a maximum penalty of up to 20 years in prison. It is not clear whether the game was worth the candle, but now the attacker clearly regrets that a year ago he did not act differently.
An American cybersecurity specialist is accused of hacking a crypto exchange and stealing about $ 9 million worth of cryptocurrencies. Apparently, the white hacker turned black, but played his law-abiding role until the very end.
Yesterday, the U.S. Attorney's Office for the Southern District of New York charged Shakib Ahmed, 34, a former senior security engineer at an international technology company, with theft and money laundering on a particularly large scale.
The resume of the specialist reflects the skills, among other things, of reverse engineering smart contracts and auditing the blockchain, which are very specialized and could have been used by Ahmed in malicious activities.
The Ministry of Justice documents do not specify where exactly Ahmed worked, but his LinkedIn profile lists Amazon as the place of work. Upon official media inquiries, Amazon representatives confirmed the information, but said that Ahmed no longer works for the company.
While prosecutors did not specify which exchange was the victim of the attack, cryptocurrency news site CoinDesk reported that the description and date of the attack correspond to the attack on Crema Finance, a Solana-based exchange that occurred in early July 2022. It is these dates that appear in the indictment of a former Amazon security specialist.
Reportedly, after stealing $ 9 million worth of cryptocurrency, the hacker returned most of it back to the crypto exchange as a result of a certain agreement. In particular, Ahmed offered to keep "only" 1.5 million for "providing pentest services", and return the remaining 7.5 million to the exchange if it agrees not to transfer information about the attack to law enforcement agencies.
This is a very common practice in the world of cryptocurrencies. Hackers often negotiate with representatives of crypto exchanges about such things, and cornered representatives of such platforms, as a rule, have nowhere to go, and they go to the hackers ' terms. However, as this case clearly demonstrates, the return of part of the crypto mining does not mean that the attacked company will not contact the relevant authorities.
"Ahmed used his computer security engineering skills to steal millions of dollars. Then he allegedly tried to hide the stolen funds, but his skills could not match the skills of the Internal Revenue Service's Cybercrime Criminal Investigation Unit, " Special Agent Tyler Hatcher, who works in the Internal Revenue Service's criminal investigation Division, proudly states.
According to the indictment, Ahmed allegedly exploited a vulnerability on the exchange and inserted "fake price data to fraudulently generate millions of dollars worth of inflated commissions that he didn't actually earn, but was still able to withdraw."
Then, according to the feds, Ahmed allegedly laundered the stolen cryptocurrency "through a series of transactions" such as a token exchange, a" transfer " of proceeds from the Solana blockchain to the Ethereum blockchain, and others.
Later, Ahmed reportedly searched the Internet for information about the hacker attack, "his criminal responsibility," lawyers who had experience in such cases, the possibility of investigating such an attack by law enforcement agencies, and "fleeing the United States to avoid criminal charges."
It is quite possible that the hacker would not have been able to get out if he had been more careful in his search queries. Meanwhile, each of the charges against the man carries a maximum penalty of up to 20 years in prison. It is not clear whether the game was worth the candle, but now the attacker clearly regrets that a year ago he did not act differently.
