Ex-Amazon engineer stole $12.3 million

Former Amazon security engineer Shakeeb Ahmed pleaded guilty this week to hacking and stealing over $12.3 million from two cryptocurrency exchanges in July 2022.

The two affected companies are Nirvana Finance, a decentralized crypto exchange, and an unnamed exchange on the Solana blockchain platform that Ahmed hacked using his blockchain audit and smart contract reverse engineering skills.

He first targeted the undisclosed crypto exchange by manipulating a smart contract to introduce false pricing data, generating roughly $9 million worth of inflated fees. Ahmed later withdrew the funds and offered to return all but $1.5 million on the condition that the exchange refrained from involving law enforcement.

Although not explicitly named by the Justice Department, the details of the attack match those of a July 2022 breach impacting the Crema Finance decentralized finance (DeFi) platform.

Shortly after this first hack, Ahmed exploited a loophole in a Nirvana Finance DeFi protocol smart contract to take a flash loan of ANA cryptocurrency tokens at a low price and sell them back at a higher rate, yielding him approximately $3.6 million.

Despite being offered a $300,000 bounty to return the stolen crypto assets, Ahmed demanded $1.4 million. When no agreement was reached, he kept everything he stole (representing all the funds owned by Nirvana Finance), forcing the exchange to shut down.

Efforts to evade capture

Seeking to conceal his actions and obscure the digital trail of the stolen funds, Ahmed used several cryptocurrency mixers (including Samourai Whirlpool), the Solana and Ethereum blockchains, and foreign exchanges to convert the millions he stole into Monero, a cryptocurrency known for its enhanced privacy and anonymity.

Wary of being apprehended, Ahmed actively sought ways to elude detection and extradition. His online searches revealed his interest in strategies to flee the United States, thwart asset seizures, and secure citizenship in different nations, clearly showcasing Ahmed's intention to sidestep legal repercussions for his actions.

"Five months ago, my Office announced the first ever arrest involving an attack on a smart contract. Today, senior security engineer Shakeeb Ahmed pled guilty and agreed to return all of the stolen crypto to his victims. That arrest is now the first ever conviction for such a hack," said U.S. Attorney Damian Williams on Thursday.

"Ahmed's plea has also resulted in him further admitting that he carried out a previously unsolved second multi-million-dollar hack, this time of decentralized finance protocol Nirvana Finance. In total, Ahmed used his technical knowhow to steal over $12 million and tried to cover his tracks by swapping stolen crypto for Monero, using cryptocurrency mixers, hopping across blockchains, and utilizing overseas crypto exchanges."

Ahmed entered a guilty plea for a single computer fraud charge, an offense with a maximum imprisonment term of five years. Additionally, he committed to compensating his victims with a sum totaling $5,071,074.23.

He will also forfeit over $12.3 million, including roughly $5.6 million worth of fraudulently obtained cryptocurrency.

Sentencing has been set for March 13, 2024, before United States District Judge Victor Marrero.