The Southern District of New York’s Federal Prosecutor’s Office announced on Thursday (14th) that a senior security engineer named Shakeeb Ahmed has admitted to attacking the DeFi protocol Nirvana Finance and another unnamed decentralized cryptocurrency exchange.
Ahmed has confessed to committing computer fraud and has agreed to forfeit the $12.3 million he obtained from these two hacking incidents. He will also pay a total of $5 million in compensation to the victims. Ahmed faces a maximum of five years in prison and will be sentenced on March 13th next year.
In 2022, Ahmed carried out two hacking attacks. In July of this year, Ahmed was charged with telecommunication fraud and money laundering. The indictment shows that he took advantage of a vulnerability in a smart contract on an unnamed exchange on the Solana chain. According to Zombit’s previous report, the description and other details in the indictment indicate that the attacked exchange may be Crema Finance.
A few weeks after the first hacking attack, Ahmed launched an attack on Nirvana Finance worth $3.6 million, involving a flash loan and a vulnerability he discovered in the platform’s smart contract. Nirvana had offered a $600,000 reward for the hacker to return the stolen funds, but he demanded $1.4 million, and the two sides never reached an agreement.
During these two hacking attacks, Ahmed worked as a senior security engineer at an international technology company. His resume reflects skills in reverse engineering of smart contracts and blockchain auditing. However, after succeeding in his attacks, Ahmed searched Google for a series of information on hacking attacks, including how to handle funds, escape the United States, and avoid criminal charges.
The prosecutor’s statement states that Ahmed “engaged in complex means” of money laundering, “including token exchange transactions, bridging fraudulent proceeds from the Solana blockchain to the Ethereum blockchain, converting fraudulent proceeds into Monero (an anonymous and particularly difficult-to-trace cryptocurrency), using overseas cryptocurrency exchanges, and utilizing cryptocurrency mixers such as Samourai Whirlpool.”
Source: Related report: “Security Engineer Turns to the Dark Side and Gets Arrested! After Making $9 Million, He Asks Google for Self-Protection Methods.”
