Smart Contract Breach: Hacker Cracks Code, Faces Justice

Former senior cybersecurity engineer of an American IT company, Shakeeb Ahmed, has admitted his guilt in hacking two decentralized cryptocurrency exchanges and stealing digital assets valued at over $12.3 million.

According to the investigation by U.S. prosecutors, the first target of the 34-year-old hacker was an exchange referred to in court documents as “Crypto Exchange.” On July 2-3, 2022, Ahmed exploited a vulnerability in one of the smart contracts to secure an inflated commission amounting to about $9 million. Subsequently, he offered to return the stolen assets to the exchange’s administration (excluding $1.5 million) in exchange for not disclosing the breach to law enforcement.

A few weeks later, on July 28, he attacked another decentralized service, the Nirvana Finance protocol, which traded the ANA crypto token. Using a flash loan of $10 million, Ahmed purchased a batch of ANA coins at a reduced price, then resold them to the platform at an inflated rate, netting $3.6 million in illicit profits.

Nirvana Finance was prepared to pay the hacker up to $600,000 for reporting the vulnerability, but he demanded $1.4 million. Failing to reach an agreement, the criminal stole all the funds, leading to the platform’s closure.

To conceal his tracks, the fraudster employed complex financial schemes, including converting crypto into the anonymous Monero, cross-chain transfers, foreign exchanges, and mixers. Despite these measures, he was eventually exposed.

Ahmed has pleaded guilty to computer fraud and agreed to the confiscation of the stolen assets amounting to $12.3 million, as well as to return $5 million to the victims. He faces up to five years in prison, with the sentence to be pronounced on March 13, 2024.