The Department of Justice has arrested a computer security engineer and charged him with using his expertise to steal $9 million by hacking a decentralized cryptocurrency exchange, in a case the government is calling the first of its kind.
Shakeeb Ahmed, 34, was arrested Tuesday in New York and charged with wire fraud and money laundering, each of which carry a maximum sentence of 20 years in prison.
The U.S. Attorney’s Office of the Southern District of New York said Ahmed found a vulnerability in a smart contract of an overseas crypto exchange on the Solana blockchain that allowed him to insert fake pricing data and generate roughly $9 million worth of inflated fees he didn’t earn.
He then allegedly withdrew the fees and laundered them through “a series of complex transfers on the blockchain” and other fraudulent transactions to hide their source, U.S. Attorney Damian Williams said in a statement.
Ahmed is also accused of having “communications” with the crypto exchange and offering to return all but $1.5 million if the exchange agreed not to report the theft.
The DOJ said the attack was followed up by a number of online searches including “can I cross border with crypto,” “how to stop federal government from seizing assets” and “buying citizenship.”
Ahmed was employed at the time of the attack as a senior security engineer for an international technology company, officials said, and on his resume listed skills like “reverse engineering smart contracts and blockchain audits.”
The Justice Department said this is the first criminal case it has prosecuted involving an attack on a smart contract operated by a decentralized exchange.
Court records did not list an attorney for Ahmed.
Smart contracts are written into code on a blockchain and are usually used to automate some kind of transaction or agreement when certain conditions have been met. If executed correctly, the contracts cannot be tampered with or changed and they provide a level of security—and anonymity—for both members of a transaction. Once a contract has been completed, the blockchain is then updated and that transaction cannot be changed.
The Department of Justice did not specify who the victim of the crypto attack was but TechCrunch on Tuesday reported that information about the hack matches a July 2022 attack on Crema Finance, a Solana-based exchange. That hack occurred at the same time Ahmed is alleged to have attacked the unnamed exchange on the same blockchain and included a hacker that returned around $8 million in crypto while keeping the rest, TechCrunch said.
Former Security Engineer For International Technology Company Arrested For Defrauding Decentralized Cryptocurrency Exchange (DOJ)
Gates, Buffett Prefer Farmland To Crypto As Blockchain Gains Steam Across Agriculture (Forbes)
‘Global Governance’—Leak Reveals ‘Unprecedented’ Plan For Crypto That Could Play Havoc With The Price Of Bitcoin, Ethereum, BNB, XRP, Cardano, Dogecoin, Solana, Tron And Litecoin (Forbes)