Shakeeb Ahmed, a former security engineer, has entered a guilty plea for hacking two decentralised cryptocurrency exchanges.
This marks the first-ever conviction for a smart contract hack.
The hacks occurred in July 2022, targeting an unnamed crypto exchange and Nirvana Finance.
Ahmed, a skilled security engineer at the time, employed his expertise in blockchain audits and reverse engineering of smart contracts to execute these sophisticated attacks.
The attack on the crypto exchange involved exploiting a smart contract vulnerability, resulting in the fraudulent generation of approximately $9 million in fees.
Ahmed engaged in communication with the exchange, offering to return the stolen funds in exchange for non-involvement of law enforcement.
In the case of Nirvana Finance, Ahmed utilised flash loans and exploited smart contract vulnerabilities, securing a profit of around $3.6 million.
Despite Nirvana’s attempt to resolve the issue with a bug bounty offer, Ahmed demanded $1.4 million, leading to the platform’s closure due to financial depletion.
To obscure the source of his gains, Ahmed employed various advanced laundering techniques, including token-swap transactions, blockchain bridging, Monero exchanges, and cryptocurrency mixers.
Ahmed now faces a maximum sentence of five years for computer fraud.
Sentencing is scheduled for March 13, 2024, before United States District Judge Victor Marrero.
This case represents a collaborative effort from Homeland Security Investigations, Internal Revenue Service – Criminal Investigation, and the U.S. Attorney’s Office for the Southern District of California.
As part of the plea agreement, Ahmed has committed to paying restitution of more than $5 million to the victims.