A former Amazon engineer has pleaded guilty to hacking two cryptocurrency exchanges, resulting in the first-ever conviction involving the hacking of a smart contract.
Shakeeb Ahmed, a former security engineer at Amazon, is now facing the possibility of up to five years in prison, alongside forfeiting $12.3 million worth of stolen cryptocurrency, as announced by the United States Attorney for the Southern District of New York.
The hacks, which occurred in 2022, specifically targeted Nirvana Finance and an undisclosed crypto exchange on the Solana blockchain.
By submitting falsified data, Ahmed manipulated the contracts, resulting in the generation of millions of dollars in inflated fees that he had not rightfully earned.
Smart contracts are digital programs that execute predetermined functions when specific conditions are met.
These contracts operate on blockchain platforms and offer increased security and automation.
In this case, Ahmed leveraged his skills honed during his tenure at Amazon to reverse-engineer the necessary steps to manipulate the exchanges into paying out substantial sums.
Ahmed Tapped an Exchange to Obscure His Tracks
To obscure his tracks, Ahmed engaged in negotiations with the unnamed crypto exchange, proposing the return of all stolen funds, minus $1.5 million, on the condition that the exchange refrained from involving law enforcement.
Prosecutors revealed this attempt to evade accountability.
Following the successful hack of the first exchange, Ahmed turned his attention to Nirvana’s cryptocurrency, ANA, exploiting a feature designed to inflate the token price after a significant purchase.
By exploiting a workaround within Nirvana’s smart contract, Ahmed acquired $10 million worth of ANA tokens at an artificially lowered price and subsequently sold them for a $3.6 million profit.
“Nirvana offered AHMED a ‘bug bounty’ of as much as $600,000 to return the stolen funds, but AHMED instead demanded $1.4 million, did not reach an agreement with Nirvana, and kept all the stolen funds,” stated the US Attorney.
“The $3.6 million AHMED stole represented approximately all the funds possessed by Nirvana, which, as a result, shut down shortly after AHMED’s attack.”
To further complicate the tracing of his activities, Ahmed attempted to obfuscate the stolen crypto by converting it into Monero, leveraging cryptocurrency mixers, jumping across different blockchains, and utilizing overseas crypto exchanges, according to US Attorney Damian Williams.
The recent security incidents come as hacks and scams continue to plague the crypto industry.
According to a report by blockchain security platform Immunefi, there were 76 hacks on crypto and Web3 projects and firms in Q3 2023, a significant increase compared to the 30 hacks reported in the same period in 2022.
In total, approximately $332 million has been lost to various exploits, hacks, and scams throughout September, marking a record-high month for crypto exploits.