A former security engineer has been sentenced to three years in prison in the United States on charges related to the hacking of two decentralized cryptocurrency exchanges in July 2022 and the theft of more than $12.3 million.
The fate of the former engineer
Former engineer Shakeeb Ahmed, the defendant in question, pleaded guilty to one count of computer fraud in December 2023 following his arrest the previous July.
“At the time of both attacks, Ahmed, [the former engineer] a US citizen, was a senior security engineer for an international technology company whose resume reflected expertise in, among other things, smart contract reverse engineering and blockchain audits, which are some of the specialized skills Ahmed used to carry out the attacks,” the US Department of Justice (DoJ) announced at the time.
Although the name of the company was not disclosed, the former engineer resided in Manhattan, New York, and worked for Amazon before he was arrested.
Court documents show that Ahmed exploited a security flaw in an unnamed cryptocurrency exchange's smart contracts to insert “false pricing data in order to fraudulently generate millions of dollars in inflated commissions”, which he managed to collect.
He subsequently contacted the company and agreed to return most of the funds, except $1.5 million, if the exchange agreed not to alert law enforcement about the flash loan attack.
It is important to note that CoinDesk reported in early July 2022 that an unknown attacker returned more than $8 million worth of cryptocurrency to a Solana-based cryptocurrency exchange called Crema Finance, keeping $1.68 million as a “white hat” reward.
Ahmed was also accused of perpetrating an attack against a second decentralized cryptocurrency exchange called Nirvana Finance, embezzling $3.6 million in the process, ultimately leading to its closure.
“Ahmed used a flaw he discovered in Nirvana's smart contracts to allow him to purchase cryptocurrency from Nirvana at a lower price than the contract was designed to allow,” the DoJ said.
“He then immediately resold that cryptocurrency to Nirvana at a higher price. Nirvana offered Ahmed a 'bug bounty' of up to $600,000 to return the stolen funds, but Ahmed instead asked for $1.4 million, did not reach a deal with Nirvana, and kept all the stolen funds.”
The defendant then laundered the stolen funds to cover his tracks, using cross-chain bridges to move the illicit digital assets from Solana to Ethereum and exchanging proceeds into Monero using mixers like Samourai Whirlpool.
In addition to the three-year prison sentence, Ahmed was sentenced to three years of supervised release and was ordered to forfeit approximately $12.3 million and pay compensation of more than $5 million to both the affected cryptocurrency exchanges.
This ruling highlights the importance of cybersecurity in the cryptocurrency industry and the need for strict vigilance against cyber attacks. The legal action against Ahmed shows that authorities are determined to prosecute those who break the law in the cryptocurrency world, whether through fraud or theft.
Similar cases
Here are some similar cases of security breaches in the cryptocurrency industry:
- Mt. Gox: In 2014, Mt. Gox, one of the largest Bitcoin exchanges at the time, was hacked and approximately 850,000 Bitcoins were stolen, leading to its bankruptcy.
- Coincheck: In 2018, the Japanese exchange platform Coincheck suffered a hacker attack in which approximately 500 million NEM (XEM) were stolen, worth over 500 million dollars.
- Bitfinex: In 2016, Bitfinex, a major cryptocurrency exchange, suffered a cyber attack in which approximately 120,000 Bitcoins were stolen, leading to the loss of millions of dollars.
- DAO Hack: In 2016, the DAO (Decentralized Autonomous Organization), an Ethereum-based investment fund, was hacked and about a third of the funds were stolen, causing a hard fork in the Ethereum blockchain.
- Binance: In 2019, Binance, one of the largest cryptocurrency exchanges in the world, suffered an attack in which approximately 7,000 Bitcoins were stolen, but it managed to repay the damaged users using its insurance fund.
These are just a few notable examples, similar to the former engineer's case, of security breaches in the cryptocurrency industry that have had a significant impact on the industry and on user confidence.