A former security engineer has been sentenced to three years in prison in the United States for hacking two decentralized cryptocurrency exchanges in July 2022 and stealing more than $12.3 million.
The defendant in question, Shakeeb Ahmed, pleaded guilty to one count of computer fraud in December 2023 after his arrest in July.
“At the time of both attacks, Ahmed, a U.S. citizen, was a senior security engineer at an international technology company. His resume reflected skills in reverse engineering smart contracts and blockchain auditing, which Ahmed Some of their specialized skills are used to carry out hacking attacks,” the U.S. Department of Justice (DoJ) noted at the time.
While the name of the company was not disclosed, he lived in Manhattan, New York, and worked for Amazon before his arrest.
Court documents reveal that Ahmed exploited a security flaw in a smart contract at an unnamed cryptocurrency exchange to insert “false pricing data to fraudulently generate millions of dollars’ worth of inflated fees,” which he was able to withdraw.
He then began contacting the company and agreed to return most of the funds, except $1.5 million, if the exchange agreed not to alert law enforcement about the flash loan attack.
Notably, CoinDesk reported in early July 2022 that an unidentified attacker returned more than $8 million worth of cryptocurrency to a Solana-based cryptocurrency exchange called Crema Finance, while retaining 168 Ten thousand US dollars as a “white hat” bounty.
Ahmed is also accused of launching an attack on a second decentralized cryptocurrency exchange called Nirvana Finance, embezzling $3.6 million in the process, which ultimately led to the exchange’s closure.
“Ahmed exploited a vulnerability he discovered in Nirvana’s smart contract that allowed him to purchase cryptocurrency from Nirvana at a lower price than the contract’s design allowed,” the DOJ said.
“He then immediately resold the cryptocurrency to Nirvana at a higher price. Nirvana offered Ahmed a ‘bug bounty’ of up to $600,000 to return the stolen funds, but Ahmed instead demanded $1.4 million without any agreement with Nirvana An agreement was reached and all stolen funds were retained.”
The defendants then laundered the stolen funds using cross-chain bridges to cover their tracks, moving the illicit digital assets from Solana to Ethereum, and using mixers such as Samourai Whirlpool to convert the proceeds into Monero.
In addition to three years in prison, Ahmed was sentenced to three years of supervised release and ordered to forfeit approximately $12.3 million and pay more than $5 million in restitution to two affected cryptocurrency exchanges.
