The First-Ever Smart Contract Hacking Conviction in the US
Former security engineer Shakeeb Ahmed orchestrated a series of hacks on two decentralized cryptocurrency exchanges, resulting in the theft of over $12 million worth of crypto. Today, he was sentenced to three years in prison, marking the first-ever smart contract hacking conviction in the US. Ahmed was also ordered to forfeit the stolen crypto and pay restitution to the affected exchanges.
Engineer’s Exploits in $12 Million Hacks
Ahmed conducted two separate attacks on decentralized exchanges. The first incident occurred on July 2 and 3, 2022, where he manipulated fake pricing data to generate approximately $9 million in inflated fees. He then withdrew these fees in the form of cryptocurrency. Following the theft, Ahmed offered to return the stolen funds, except $1.5 million, if the exchange avoided involving law enforcement.
- July 2 and 3, 2022 – Manipulated fake pricing data to generate $9 million in inflated fees
- Engaged with the exchange to return stolen funds, except $1.5 million
On July 28, 2022, Ahmed targeted another decentralized exchange called Nirvana Finance. Exploiting a vulnerability in Nirvana’s smart contracts, he purchased crypto assets at a lower price than intended and resold them back to Nirvana at a higher price. This led to the collapse of the exchange, resulting in a loss of approximately $3.6 million.
- July 28, 2022 – Targeted Nirvana Finance, exploiting smart contract vulnerabilities
- Caused the collapse of the exchange, losing around $3.6 million
From a Security Expert to a Cybercriminal
The investigation revealed that Ahmed used advanced money laundering techniques to hide the source and ownership of the stolen funds. These techniques included token swap transactions, transferring funds between blockchains, converting to Monero, and using overseas exchanges and cryptocurrency mixers.
- Utilized advanced money laundering techniques to conceal funds
- Conducted various transactions to obfuscate the source of the stolen crypto
Ahmed, a US citizen, held a senior security engineer position at an international technology company during the attacks. His expertise in reverse engineering smart contracts and conducting blockchain audits helped him execute the hacks. In addition to the three-year prison term, Ahmed must forfeit approximately $12.3 million and pay over $5 million in restitution to the affected exchanges.
- Expertise in reverse engineering smart contracts and blockchain audits
- Sentenced to three years in prison and ordered to forfeit $12.3 million
Hot Take: First-Ever Smart Contract Hacking Conviction
After orchestrating a series of hacks on two decentralized cryptocurrency exchanges, former security engineer Shakeeb Ahmed was sentenced to three years in prison, marking the first-ever smart contract hacking conviction in the US. Ahmed must forfeit the stolen crypto and pay restitution to the affected exchanges.
By
By
By