Hacker pleads guilty to hacking two exchanges, faces up to five years in prison for computer fraud

Former security engineer Shakeeb Ahmed has pleaded guilty to hacking two decentralized cryptocurrency exchanges.

This is the first conviction for smart contract hacking.

The hack occurred in July 2022 targeting an anonymous cryptocurrency exchange and Nirvana Finance.

Ahmed, who was an experienced security engineer at the time, leveraged his expertise in blockchain auditing and reverse engineering of smart contracts to launch this sophisticated attack.

The attack on the cryptocurrency exchange involved exploiting a smart contract vulnerability and resulted in fraudulent fees amounting to approximately $9 million.

Ahmed communicated with the exchange and offered to return the stolen funds in exchange for no involvement with law enforcement.

For Nirvana Finance, Ahmed leveraged flash loans and exploited smart contract vulnerabilities to secure approximately $3.6 million in profits.

Despite Nirvana’s attempts to resolve the issue with a bug bounty offer, Ahmed demanded $1.4 million, which led to the platform’s closure due to financial exhaustion.

To obscure the source of his profits, Ahmed used a variety of advanced laundering techniques, including token exchange transactions, blockchain bridging, Monero exchanges, and cryptocurrency mixers.

Ahmed now faces up to five years in prison for computer fraud.

Sentencing is scheduled for March 13, 2024, before U.S. District Judge Victor Marrero.

This case represents a joint effort by the Department of Homeland Security Investigations, the Internal Revenue Service – Criminal Investigations, and the U.S. Attorney’s Office for the Southern District of California.

As part of the plea agreement, Ahmed promised to pay more than $5 million in restitution to the victims.