Former Amazon security engineer Shakeeb Ahmed has been sentenced to three years in prison for hacking two cryptocurrency exchanges in July 2022, resulting in the theft of over $12 million. Along with the prison term, Ahmed faces three years of supervised release and has been ordered to forfeit $12.3 million and pay restitution to the affected companies. He pleaded guilty to one count of computer fraud in December, marking the first-ever conviction for hacking a smart contract.
In the attacks, Ahmed used his expertise in smart contract reverse engineering and blockchain auditing to exploit vulnerabilities in decentralized crypto exchanges. In the first incident, he manipulated a smart contract to introduce false pricing data, resulting in inflated fees totaling around $9 million. Ahmed withdrew these funds and offered to return most of them if law enforcement wasn’t involved. In the second attack, he exploited a loophole in the Nirvana Finance DeFi protocol to execute a flash loan, earning approximately $3.6 million.
Despite attempts by the victims to retrieve the stolen assets, Ahmed refused to return the funds unless offered a substantial bounty. Nirvana Finance, one of the breached exchanges, ultimately shut down, leading Ahmed to keep all the stolen funds. To obscure the digital trail, Ahmed used cryptocurrency mixers and various blockchains to convert the stolen funds into Monero, a cryptocurrency known for its enhanced privacy and anonymity. Additionally, he sought ways to evade detection and extradition, demonstrating a calculated effort to escape legal consequences.