Shakeeb Ahmed, a computer security engineer, has been handed a three-year prison sentence followed by three years of supervised release in the Southern District of New York (SDNY) Court. Ahmed was convicted for orchestrating flash loan attacks on both the decentralized Crypto Exchange and Nirvana exchanges in 2022.
U.S. Attorney Damian Williams hailed Ahmed’s conviction as the first for hacking a smart contract, emphasizing its significance in the realm of cybersecurity. Ahmed has been ordered to forfeit $12.3 million, along with “a significant quantity of cryptocurrency,” and to compensate the affected exchanges with a $5 million restitution.
During the investigation, it was revealed that Ahmed had offered to return the stolen funds to Crypto Exchange, with the exception of $1.5 million, provided the exchange refrained from involving law enforcement. Similarly, Nirvana was offered the return of funds for $600,000, but Ahmed demanded $1.4 million, resulting in a failed negotiation.
The repercussions of the hack were severe, with Nirvana’s NIRV stablecoin depegging from the U.S. dollar and its native ANA coin plummeting by 85%, ultimately leading to the closure of the exchange. According to the SDNY statement, Ahmed laundered the illicitly obtained funds through various means, including token-swap transactions, bridging fraud proceeds between different blockchains, exchanging funds into Monero, utilizing overseas cryptocurrency exchanges, and employing cryptocurrency mixers such as Samourai Whirlpool.
“Using token-swap transactions; ‘bridging’ fraud proceeds from the Solana blockchain over to the Ethereum blockchain; exchanging fraud proceeds into Monero […]; using overseas cryptocurrency exchanges; and using cryptocurrency mixers, such as Samourai Whirlpool.”
Although a third exchange, Crema, was also targeted using similar methods, federal charges did not directly link Ahmed to that particular hack. At the time of the attacks, Ahmed was employed as a senior security engineer for an international technology company and was reportedly the technical lead of Amazon’s bug bounty program, according to Bloomberg.
Following his arrest in New York and subsequent charges in July for wire fraud and money laundering in connection with the hacks, Ahmed pleaded guilty to a single charge of computer fraud in December. Presently, Ahmed, who has been released on bail, is said to be working for a mental health care startup, where he has purportedly sought therapy to address his actions.
Shakeeb Ahmed: I lost my way. I apologize to the users of Nirvana Finance. (Sobs) I am raised in a harsh and unforgiving household. I was drawn to technology. I got lost. During the pandemic I turned to crypto.
— Inner City Press (@innercitypress) April 12, 2024