Perpetrator of Smart Contract Breaches Admits Fraud
Shakeeb Ahmed, a former security engineer for an international technology company, has admitted to hacking Nirvana Finance and another unnamed decentralized cryptocurrency exchange. This marks a historic first for smart contract breaches.
Admitting Fraud
In a press release by the Southern District of New York, the United States Attorney announced the guilty plea today of Shakeeb Ahmed in connection with his hack of two separate decentralized cryptocurrency exchanges, one of which was the July 2022 hack of Nirvana Finance.
Ahmed pled guilty to computer fraud before U.S. Magistrate Judge Ona T. Wang and agreed to return all of the stolen crypto to his victims. He also agreed to forfeit over $12.3 million, including forfeiture of approximately $5.6 million in fraudulently obtained cryptocurrency.
In a statement, U.S. Attorney Damian Williams outlined the accused’s attempts to cover his tracks.
Understanding the Hacking Procedure
On July 2 and 3, 2022, Ahmed attacked the unspecified Crypto Exchange by exploiting a vulnerability in one of the exchange’s smart contracts and inserting fake pricing data to fraudulently cause that smart contract to generate approximately $9 million worth of inflated fees that he did not legitimately earn.
After the heist, he communicated with the Crypto Exchange and agreed to return all of the stolen funds except for $1.5 million if the exchange agreed not to refer the attack to law enforcement.
And He Continued…
Nirvana was the second decentralized finance protocol that Ahmed hacked. On or about July 28, 2022, a few weeks after the hack of the Crypto Exchange, Ahmed carried out an attack on Nirvana in which he took out a flash loan for approximately $10 million, used those funds to purchase ANA from Nirvana, and used an exploit he discovered in Nirvana’s smart contracts to purchase the ANA at its initial, low price, rather than at the higher price.
When the price of ANA was updated to reflect his large purchase, Ahmed resold the ANA he had purchased to Nirvana at the new, higher price, resulting in a profit of approximately $3.6 million. Despite Nirvana’s $600,000 bug bounty offer, Ahmed demanded $1.4 million, leading to a standoff. The fallout from his $3.6 million heist proved fatal for Nirvana, which collapsed shortly after.
All’s Well That Ends Well?
Ahmed laundered the millions he stole using sophisticated techniques, including token-swap transactions; bridging fraud proceeds from the Solana blockchain over to the Ethereum blockchain; exchanging fraud proceeds into Monero, an anonymized cryptocurrency that is particularly difficult to trace; using overseas cryptocurrency exchanges; and using cryptocurrency mixers such as Samourai Whirlpool.
Now, the 34-year-old has pled guilty to one count of computer fraud, which carries a maximum sentence of five years in prison. He has also agreed to pay restitution to his victims totaling $5 million. The community awaits the hearing, with sentencing scheduled for March 13, 2024.
Hot Take: A Guilty Plea in a Historic Smart Contract Breach.
It seems like yet ANOTHER hack is shaking up the crypto space. But this time, the perpetrator is owning up. Shakeeb Ahmed, a former security engineer, admitted to hacking Nirvana Finance and another unnamed decentralized cryptocurrency exchange, a historic first for smart contract breaches.