Has the Nirvana financial attack been resolved? Security engineer pleads guilty in $12 million cryptocurrency hack
It looks like another hack is shaking up the cryptocurrency industry. But this time, the perpetrator is the owner.
Shakeeb Ahmed, a former security engineer at an international technology company, admitted to hacking Nirvana Finance and another unnamed decentralized cryptocurrency exchange. This is the first ever case of a smart contract violation.
Admission to fraud
In a press release from the Southern District of New York, the United States Attorney announced today that Shakeeb Ahmed pleaded guilty in connection with hacking two separate decentralized cryptocurrency exchanges. One of them was the Nirvana Finance hack in July 2022.
Ahmed pleaded guilty to computer fraud before U.S. Magistrate Judge Ona T. Wang and agreed to return all stolen cryptocurrency to his victims. Ahmed also agreed to forfeit more than $12.3 million, including the forfeiture of approximately $5.6 million in fraudulently obtained cryptocurrency.
In a statement, U.S. Attorney Damian Williams described the defendant’s attempts to cover his tracks.
“Ahmed used his technological know-how to steal a total of more than $12 million, exchanging stolen cryptocurrencies for Monero, using cryptocurrency mixers, jumping blockchain, and leveraging offshore cryptocurrency exchanges to keep his tracks. I tried to hide it. “Today’s conviction shows that fraud is fraud, no matter how sophisticated the methods, and we will catch and convict quickly.”
Understanding Hacking Procedures
On July 2 and 3, 2022, Ahmed exploited a vulnerability in one of the exchange’s smart contracts and inserted fake pricing data, causing that smart contract to generate inflated fees worth approximately $9 million that he did not legally make. An unspecified cryptocurrency exchange was attacked using a method. Earn.
After the robbery, he contacted the cryptocurrency exchange and agreed to return all but $1.5 million of the stolen funds if they agreed not to refer the attack to law enforcement.
And he continued…
Nirvana was the second decentralized finance protocol hacked by Ahmed. On or about July 28, 2022, a few weeks after the cryptocurrency exchange hack occurred, Ahmed launched an attack against Nirvana, obtaining a flash loan of approximately $10 million and using the funds to purchase ANA from Nirvana, which he then used to purchase ANA from Nirvana. I discovered a way to buy ANA at an initial low price rather than at a higher price in the contract.
When the price of ANA was updated to reflect his large purchase, Ahmed resold the ANA he had purchased to Nirvana at the new, higher price, making a profit of approximately $3.6 million.
Despite Nirvana offering a $600,000 bug bounty, Ahmed demanded $1.4 million, leading to a standoff. The damage from his $3.6 million heist proved fatal to Nirvana, and the company collapsed shortly thereafter.
All’s well that ends well, right?
Ahmed used sophisticated techniques, including token swap transactions, linking fraud proceeds from the Solana blockchain to the Ethereum blockchain, exchanging fraud proceeds to Monero, an anonymized and particularly difficult to trace cryptocurrency, using overseas cryptocurrency exchanges, and using cryptocurrency. used to launder millions of dollars stolen. Mixers like Samourai Whirlpool.
Now 34, he has pleaded guilty to one count of computer fraud, for which he could be sentenced to up to five years in prison. He also agreed to pay a total of $5 million in restitution to his victims.
The community awaits the hearing as the final ruling is expected on March 13, 2024.