Former senior cybersecurity engineer of the American IT company Shakib Ahmed has been found guilty of hacking two decentralized crypto-streaks and stealing digital assets worth over $12.3 million.
An investigation by US prosecutors revealed that the first victim of the hacker, 34-year-old Ahmed, was the exchange mentioned in the Crypto Exchange case. On July 2-3, 2022, Ahmed exploited a vulnerability in one of the smart contracts to obtain an inflated commission of around $9 million. Following this, Ahmed proposed that the exchange administration return the stolen assets (excluding $1.5 million) in exchange for not disclosing information about the hacking to law enforcement agencies.
A few weeks later, on July 28, Ahmed targeted another decentralized service, the Nirvana Finance protocol, which traded ANA cryptocurrency. Utilizing a flash loot for $10 million, Ahmed purchased a package of ANA coins at a low price and then sold them on the platform at a high rate, earning an illegal profit of $3.6 million.
Nirvana was willing to pay the hacker up to $600,000 for reporting the vulnerability, but Ahmed demanded $1.4 million. When his demand was not met, the attacker stole all the funds, leading to the platform’s closure.
To cover his tracks, Ahmed employed complex financial schemes, including the conversion of cryptocurrencies into anonymous Monero, cross-chaining, foreign exchanges, and mixers. Despite his attempts, he was eventually exposed.
Ahmed pleaded guilty to computer fraud. He has agreed to forfeit the stolen assets amounting to $12.3 million and will also reimburse $5 million to the victims. He could face up to 5 years in prison, and the sentence will be announced on March 13, 2024.