Former Amazon security engineer Shakeeb Ahmed pleaded guilty this week to hacking and stealing over $12.3 million from two cryptocurrency exchanges in July 2022.
The two affected companies are Nirvana Finance, a decentralized crypto exchange, and an unnamed exchange on the Solana blockchain platform that Ahmed hacked using his blockchain audit and smart contract reverse engineering skills.
He first targeted the undisclosed crypto exchange by manipulating a smart contract to introduce false pricing data, generating roughly $9 million worth of inflated fees.
Ahmed later withdrew the funds and offered to return all but $1.5 million on the condition that the exchange refrained from involving law enforcement.
Although not explicitly named by the Justice Department, the details of the attack match those of a July 2022 breach impacting the Crema Finance decentralized finance platform.
Shortly after this first hack, Ahmed exploited a Nirvana Finance DeFi protocol smart contract loophole to take a flash loan of ANA cryptocurrency tokens at a low price and sell it back at a higher rate, yielding him approximately $3.6 million.
Despite being offered a $300,000 bounty to return the stolen crypto assets, Ahmed kept everything he stole after demanding $1.4 million and not reaching an agreement, forcing the exchange to shut down.
Seeking to conceal his actions and obscure the digital trail of the stolen funds, Ahmed used several cryptocurrency mixers, the Solana and Ethereum blockchains, and foreign exchanges to convert the millions he stole into Monero, a cryptocurrency known for its enhanced privacy and anonymity.
Wary of being apprehended, Ahmed actively sought ways to elude detection and extradition.
His online searches revealed his interest in strategies to flee the United States, thwart asset seizures, and secure citizenship in different nations, clearly showcasing Ahmed's intention to sidestep legal repercussions for his actions.
Ahmed entered a guilty plea for a single computer fraud charge, an offense with a maximum imprisonment term of five years.
He committed to compensating his victims with a sum totaling $5,071,074.
He will also forfeit over $12.3 million, including roughly $5.6 million worth of fraudulently obtained cryptocurrency.
Sentencing has been set for March 13, 2024, to be adjudicated by United States District Judge Victor Marrero.
New cybercrime market 'OLVX' gains popularity among hackers.
Russian pleads guilty to running crypto-exchange used by ransomware gangs.
US detains suspects behind $80 million 'pig butchering' scheme.
Ledger dApp supply chain attack steals $600K from crypto wallets.
Ukrainian military says it hacked Russia's federal tax agency.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Fri, 15 Dec 2023 20:35:22 +0000