Article Details

Ex-Amazon engineer gets 3 years for hacking crypto exchanges. Former Amazon security engineer Shakeeb Ahmed was sentenced to three years in prison for hacking two cryptocurrency exchanges in July 2022 and stealing over $12 million. Ahmed was also sentenced to three years of supervised release and ordered to forfeit $12.3 million and pay restitution to the two hacked companies. The breached entities are Nirvana Finance, a decentralized crypto exchange, and an unnamed exchange on the Solana blockchain platform that Ahmed hacked using his smart contract reverse engineering and blockchain audit skills. Ahmed pleaded guilty to one count of computer fraud in December, an offense with a maximum imprisonment term of five years. "Today, Shakeeb Ahmed was sentenced to prison in the first ever conviction for the hack of a smart contract and ordered to forfeit all of the stolen crypto," U.S. Attorney Damian Williams said on Friday. "No matter how novel or sophisticated the hack, this Office and our law enforcement partners are committed to following the money and bringing hackers to justice. And as today's sentence shows, time in prison — and forfeiture of all the stolen crypto — is the inevitable consequence of such destructive hacks." How it went down In the first attack, Ahmed targeted the undisclosed crypto exchange by using a smart contract to introduce false pricing data, leading to inflated fees of around $9 million. In the final stage of the attack, he withdrew all these funds and offered to return all but $1.5 million if the exchange wouldn't involve law enforcement. Although the Justice Department did not explicitly name the victim, the details of the attack match those of a July 2022 breach impacting the Crema Finance decentralized finance (DeFi) platform. Ahmed next exploited a loophole in the Nirvana Finance DeFi protocol smart contract to take a flash loan of ANA cryptocurrency tokens at a low price. He later sold them back at a higher rate, which earned him roughly $3.6 million. Nirvana Finance attempted to retrieve the crypto assets that were stolen from them by offering a $300,000 bounty. However, Ahmed refused to return the funds unless given a $1.4 million bounty. An agreement was not reached, causing Nirvana Finance to shut down and Ahmed to keep all the stolen funds, representing the entirety of the crypto exchange's funds. Ahmed used several cryptocurrency mixers to obscure the digital trail of the stolen funds, including Samourai Whirlpool, the Solana and Ethereum blockchains, and foreign exchanges to convert the millions he had stolen into Monero—a cryptocurrency known for enhanced privacy and anonymity. He also actively sought ways to evade detection and extradition, with his online searches revealing his interest in strategies to flee the United States, thwart asset seizures, and secure citizenship in different nations.