Shakeeb Ahmed, a 34-year-old resident of New York, has been arrested in the United States on charges of wire fraud and money laundering related to a fraudulent scheme targeting a decentralized cryptocurrency exchange in 2022.
Ahmed allegedly exploited a smart contract vulnerability, resulting in the defrauding of the exchange and its users of approximately $9 million. As a senior security engineer with expertise in smart contracts and blockchain audits, Ahmed returned most of the stolen funds after contacting the exchange but kept around $1.5 million as a bounty.
Although the indictment does not explicitly name the affected cryptocurrency exchange, the attack’s description aligns with the incident reported by Crema Finance in July 2022.
Crema Finance disclosed that hackers had exploited a similar mechanism, stealing assets worth about $8.8 million. The exchange later announced that the hacker had agreed to a “white hat bounty” of approximately $1.68 million and returned the remaining stolen assets.
At the same time, the charges of wire fraud and money laundering carry potential prison sentences of up to 20 years each. Ahmed’s arrest marks the first criminal case involving an attack on a smart contract operated by a decentralized cryptocurrency exchange, as highlighted by the US Department of Justice.
The case serves as a reminder of the ongoing challenges and risks faced by the cryptocurrency industry in terms of security and fraudulent activities.