Inside Job: Security Engineer Behind Multi-Million Dollar Crypto Exploits

Disclosure: Crypto is a high-risk asset class. This article is provided for informational purposes and does not constitute investment advice. By using this website, you agree to our terms and conditions. We may utilise affiliate links within our content, and receive commission.Source: Adobe / Rawpixel.comShakeeb Ahmed, a senior security engineer associated with an international technology company, pleaded guilty on December 14 to computer fraud in connection with his hacking of two decentralized crypto exchanges.

The announcement of the guilty plea was made by Damian Williams, the United States Attorney for the Southern District of New York, on Thursday this week.

Ahmed’s guilty plea is noteworthy as it marks the first-ever conviction for hacking a smart contract.

The charges relate to the July 2022 hacks on two exchanges, one of which was simple referred to as the “crypto exchange,” and the other a part of the decentralized finance (DeFi) protocol Nirvana Finance.

Former security engineer for international technology company pleads guilty to hacking two decentralized cryptocurrency exchanges

— US Attorney SDNY (@SDNYnews) December 14, 2023

At the time of the attacks, Ahmed, a 34-year-old US citizen, served as a senior security engineer and possessed specialized skills in reverse engineering smart contracts and conducting blockchain audits, the prosecutor said in the announcement.

Crypto exchange hack

The crypto exchange allowed users to trade ious cryptocurrencies and rewarded users for providing liquidity.

Ahmed exploited a vulnerability in the exchange’s smart contracts, leading to the fraudulent generation of approximately $9 million in trading fees.

Following the theft, Ahmed entered into discussions with the exchange, agreeing to return most of the stolen funds if the exchange did not contact the police.

Nirvana Finance attack

In another attack, Ahmed targeted Nirvana Finance in July 2022.

Using a so-called flash loan, he secured approximately $10 million, manipulated Nirvana’s smart contracts, and profited around $3.6 million.

Despite Nirvana’s offer of a “bug bounty,” Ahmed demanded $1.4 million, resulting in the closure of Nirvana after he retained all stolen funds.

After the attacks, Ahmed employed intricate laundering techniques, including token-swap transactions, bridging fraud proceeds between blockchains, and converting funds into the privacy coin Monero (XMR).

Facing five years in prison

Ahmed pleaded guilty to one count of computer fraud, carrying a maximum sentence of five years in prison.

As part of the plea agreement, he agreed to forfeit over $12.3 million, including about $5.6 million worth of stolen crypto.

Ahmed is scheduled for sentencing on March 13, 2024 before United States District Judge Victor Marrero.