A former security engineer has pleaded guilty to charges related to the hacks of two decentralized cryptocurrency exchanges last July, including the high-profile collapse of Nirvana Finance.
Shakeeb Ahmed, who worked as a senior security engineer at an international technology company, admitted that he discovered and exploited vulnerabilities in smart contracts to attack the exchanges. This is the first conviction for a smart contract violation.
Key points
- Ahmed exploited a vulnerability in an exchange’s smart contract to insert fake data, resulting in $9 million in fees from one exchange.
- Ahmed launched a $10 million flash loan attack against Nirvana Finance, manipulating prices to make a $3.6 million profit, causing the protocol to collapse.
- Ahmed's conviction is the first for a smart contract violation; he agreed to forfeit more than $12 million and pay restitution to victims.
- Ahmed laundered the money using advanced techniques, including cryptocurrency swaps, mixers, offshore exchanges, and cross-blockchain transfers.
The first hack targeted an unnamed exchange in early July. Ahmed cleverly inserted fake price data into one of the exchange’s smart contracts. This caused the contract to generate approximately $9 million in massively inflated trading fees, which Ahmed immediately withdrew.
Judge: How old are you?
Shakeeb Ahmed: 34 years old. I received my bachelor’s degree from the University of Illinois.
Judge: Are you aware that you are seeking to change your plea to guilty?
Ahmed: Right.
The judge will take a short break and then return. Thread continues below pic.twitter.com/9C6AlXnStA
— Inner City Press (@innercitypress) December 14, 2023
After the successful heist, Ahmed began communicating with the hacked exchange, offering to return most of the funds if the exchange agreed not to involve law enforcement.
- Emboldened, Ahmed set his sights on Nirvana Finance in late July.
- He took out a massive $10 million flash loan, which he used to manipulate Nirvana’s smart contracts and carry out a sophisticated price arbitrage scheme.
- By briefly buying up Nirvana’s ANA tokens at a rock-bottom price and then selling them back to Nirvana at a very high price, Ahmed converted a $10 million loan into $13.6 million, making a huge profit of $3.6 million.
- Despite Nirvana’s offer of a bug bounty for reporting the vulnerability, Ahmed demanded a higher payout, which led to the closure of Nirvana Finance shortly after the incident.
Ahmed made a total of over $12 million through two audacious exchange hacks.
According to US Attorney Damian Williams, Ahmed used a wide range of sophisticated money laundering techniques to cover his tracks. These included moving funds between cryptocurrency networks, using mixers, exchanging funds into privacy coins like Monero, and using offshore cryptocurrency exchanges.
However, law enforcement still identified and arrested Ahmed for the violation. The 34-year-old New York resident has now pleaded guilty to computer fraud charges.
As part of the plea agreement, Ahmed will forfeit more than $12 million, including returning $5 million to victims, marking a major victory for authorities seeking to prosecute complex crypto-related cybercrimes.
Ahmed faces up to five years in prison when he is sentenced in March 2024. The incident highlights that despite the growing sophistication of hackers exploiting vulnerabilities in the cryptocurrency sector’s expanding attack surface, justice can still catch up with perpetrators who believe they can get away safely with shameless cybercrime and money laundering.