Shakeeb Ahmed, a former software engineer at Amazon, was sentenced to three years in prison for exploiting smart contracts.
The 2022 breach resulted in the theft of over $12 million in various cryptocurrencies. This trial was the first ruling on a cyberattack against a smart contract.
Ahmed admitted to manipulating the smart contract in December 2023. By inserting fraudulent price data into platform contracts, the engineers generated approximately $12 million in unrealized profits, which were later withdrawn in cryptocurrency.
Prosecutors chose not to disclose one of the affected platforms, but evidence in the indictment suggests that platform was Crema Finance. The other platform involved was Nirvana Finance, which ceased operations following a hack in July 2022.
Before the incident, Ahmed led Amazon’s bug bounty program to identify and fix security holes in its software. Prosecutors emphasized the novelty of this case involving smart contract hacking and requested a four-year prison sentence.
They acknowledged Ahmed’s cooperation and the return of most of the stolen funds, but stressed that his imprisonment was necessary to act as a deterrent and highlight the seriousness of the crime.
Meanwhile, Ahmed’s lawyers argued for a suspended sentence instead of a prison sentence, citing his mental health as compromised at the time of the hack and the fact that the stolen funds were largely untouched other than to cover a relative’s medical bills. Ahmed, originally from Saudi Arabia, appealed to his legal team for leniency based on the following factors: