Former Senior Security Engineer Sentenced to 3 Years in Prison for Hacking Decentralized Crypto Exchanges and Stealing $12 Million Worth of Cryptocurrency
Former senior security engineer Shakeeb Ahmed has been sentenced to three years in prison for hacking two decentralized crypto exchanges and stealing over $12 million worth of cryptocurrency. This marks the first-ever conviction for the hack of a smart contract, announced by Damian Williams, the United States Attorney for the Southern District of New York.
Ahmed, a 34-year-old U.S. citizen from New York, pleaded guilty to computer fraud. In July 2022, he hacked a decentralized cryptocurrency exchange using fake pricing data, generating approximately $9 million in inflated fees. He also exploited a vulnerability in Nirvana Finance’s smart contracts, stealing $3.6 million and causing the platform to shut down. In addition to the prison term, Ahmed was ordered to forfeit $12.3 million.
According to the Department of Justice, Ahmed carried out the first crypto hacking attack on a decentralized cryptocurrency exchange on July 2 and 3, 2022. Using fake pricing data, he generated approximately $9 million worth of inflated fees, which he then withdrew in the form of cryptocurrency. Following the theft, Ahmed began communicating with the exchange and promised to return all stolen funds, except $1.5 million, if the exchange committed not to report the incident to authorities.
Just a few weeks later, on July 28, 2022, Ahmed launched a second attack on Nirvana Finance. He exploited a vulnerability in Nirvana’s smart contracts to purchase cryptocurrency at a lower price than the contract’s design and promptly resold it to Nirvana at a higher price. Despite Nirvana’s offer of a “bug bounty” of up to $600,000 for the return of the stolen funds, Ahmed demanded $1.4 million and ultimately kept all of them, totaling $3.6 million. The loss represented nearly all of Nirvana’s funds, forcing the platform to shut down shortly after the attack.
Ahmed was a senior security engineer for an international technology company when the attacks happened. U.S. Attorney Damian Williams emphasized the significance of the conviction and sentencing, stating, “No matter how novel or sophisticated the hack, this Office and our law enforcement partners are committed to following the money and bringing hackers to justice.”
This case serves as a reminder of the risks associated with cryptocurrency exchanges and the importance of robust security measures to protect users’ funds.
