Expert Charged for $9M Theft from Decentralized Crypto Exchange
The DOJ arrested and indicted Shakeeb Ahmed, a cybersecurity professional, on charges of wire fraud and money laundering, after he allegedly hacked into a decentralized cryptocurrency exchange and stole approximately $9 million in cryptocurrency.
- The indictment reveals that Ahmed exploited a vulnerability in the exchange’s smart contract, manipulating pricing data to generate inflated fees fraudulently.
- Ahmed attempted to launder the stolen cryptocurrency through various transactions.
On July 11th, the U.S. Department of Justice (DOJ) announced the arrest and indictment of cybersecurity professional, Shakeeb Ahmed, 34, on charges of wire fraud and money laundering. Ahmed is accused of hacking into a decentralized crypto exchange and stealing approximately $9 million in cryptocurrency.
The indictment, announced by the U.S. Attorney’s Office of the Southern District of New York (SDNY), reveals that the accused used his skills in reverse engineering smart contracts and blockchain audits to execute the attack. In the press release, the SDNY called the accused “a senior security engineer for an international technology company whose resume reflected skills in, among other things, reverse engineering smart contracts and blockchain audits, which are some of the specialized skills Ahmed used to execute the attack.”
The DOJ’s indictment further states that he exploited a vulnerability in the decentralized crypto exchange’s smart contract, manipulating pricing data to fraudulently generate inflated fees. Although the specific company where Ahmed worked was not disclosed, his LinkedIn profile listed him as a senior security engineer at Amazon, a claim denied by the company’s spokesperson.
While the DOJ did not explicitly identify the victim, it aligns with the attack on Crema Finance, a Solana-based exchange, which occurred in early July 2022. CoinDesk reported that Ahmed returned approximately $8 million of the stolen funds but kept the remaining amount. The DOJ’s press release stated that Ahmed offered to return all the stolen funds, except for $1.5 million, if the exchange agreed not to involve law enforcement. This practice of returning stolen cryptocurrency while negotiating with victims has become a common strategy among hackers operating in the crypto space.
The indictment highlights how Ahmed exploited vulnerabilities in the decentralized crypto exchange’s system by inserting fake pricing data to fraudulently generate inflated fees. He then laundered the stolen crypto through various transactions, including swapping tokens and transferring the proceeds between different blockchains. Despite having a background in cybersecurity, he attempted to conceal the source and ownership of the stolen cryptocurrency through various transactions, including converting funds to Monero, a difficult-to-trace cryptocurrency.
Ahmed’s actions after the theft revealed his lack of understanding of digital privacy and law enforcement capabilities. He searched online for information on the hack, his own criminal liability, legal expertise in similar cases, and even how to flee the U.S. to avoid charges.
According to the announcement, “AHMED conducted internet searches or visited websites related to the charges in the indictment, including by searching for the term “wire fraud” and for the term “evidence laundering.” The accused went further down the rabbit conducting “internet searches or visited websites related to his ability to flee the United States, avoid extradition, and keep his stolen cryptocurrency: he searched for the terms “can I cross border with crypto,” “how to stop federal government from seizing assets,” and “buying citizenship”; and he visited a website titled “16 Countries Where Your Investments Can Buy Citizenship . . .””
Inside Telecom provides you with an extensive list of content covering all aspects of the Tech industry. Keep an eye on our Cryptocurrency section to stay informed and updated with our daily articles.