Shakeeb Ahmed, a software engineer, has received a three-year prison term following his involvement in the Nirvana finance and the decentralized Crypto Exchanges flash loan attacks in 2022.
According to a statement by U.S. Attorney Damian Williams, Ahmed’s conviction stands as the inaugural instance of compromising a smart contract. In addition to having $12.3 million and “a significant quantity of cryptocurrency” forfeited, Ahmed was ordered to pay $5 million in restitution to the exchanges.
Except for $1.5 million, Ahmed had offered to restore the entire amount of funds stolen from the Crypto Exchange without legal action from the exchange.
Unable to reach a consensus, Nirvana extended an offer of $600,000 in exchange for the return of funds; however, Ahmed insisted on keeping $1.4 million of the $3.6 million he compromised.
The NIRV stablecoin of Nirvana decoupled from the U.S. dollar, and the native ANA coin closed shortly after falling by 85 percent in response to the news of the breach. The SDNY asserts that Ahmed engaged in the laundering of the compromised funds:
“Using token-swap transactions; ‘bridging’ fraud proceeds from the Solana blockchain over to the Ethereum blockchain; exchanging fraud proceeds into Monero […]; using overseas cryptocurrency exchanges; and using cryptocurrency mixers, such as Samourai Whirlpool.”
Additionally, it has come to light that a third exchange, Crema, experienced an intrusion employing identical techniques in July 2022; however, the federal charges failed to establish a connection between the hacker and that incident.
Ahmed conducted the attacks while employed as “a senior security engineer for an international technology company,” as stated in the statement. Ahmed was the technical director of Amazon’s bug bounty program, per Bloomberg.
Ahmed, whom Inner City Press reports was released on bond, is employed by a mental health care startup. The publication cited him as saying, “Having observed attacks, I devised a method to manipulate the smart contracts of an exchange. “I sought therapy” during his trial.
Ahmed was apprehended in New York in July and formally accused of wire fraud and money laundering concerning the compromised systems. In December, he subsequently pleaded guilty to a solitary allegation of computer fraud.
