On July 11, 2023, the Unites States Attorney’s office for the Southern District of New York announced that it had arrested Shakeeb Ahmed and charged him with wire fraud and money laundering in connection with his attack on a decentralized cryptocurrency exchange (the “Crypto Exchange”). Although the indictment did not identify the exchange, based on the facts described in the indictment, it has been reported that the hack was against Crema Finance, a decentralized cryptocurrency platform operating on the Solana blockchain.
As explained in the indictment, a decentralized exchange does not rely on any sort of entity or company to act as an intermediary between buyers and sellers. Instead, it relies on “smart contracts” (essentially a computer program that runs on the blockchain) associated with “liquidity pools,” analogous to pots of money, in order to serve as an “automated market maker.” An automated market maker controls a liquidity pool of different types of cryptocurrencies and uses a smart contract to buy and sell the cryptocurrencies in that liquidity pool. The Crypto Exchange paid fees to liquidity providers who deposited cryptocurrency into a liquidity pool. Those fees were calculated by a smart contract that took into account, among other things, the total amount of cryptocurrency the liquidity provider deposited and the actual amount of liquidity that was provided.
According to the prosecutors, “In July 2022, Ahmed carried out an attack on the Crypto Exchange by exploiting a vulnerability in one of the Crypto Exchange’s smart contracts and inserting fake pricing data to fraudulently cause that smart contract to generate approximately $9 million dollars’ worth of inflated fees that Ahmed did not legitimately earn, which fees Ahmed was able to withdraw from the Crypto Exchange in the form of cryptocurrency. This conduct defrauded the Crypto Exchange and its users, whose cryptocurrency Ahmed had fraudulently obtained. . . Ahmed laundered the millions in fees that he stole from the Crypto Exchange to conceal their source and ownership, including through (i) conducting token-swap transactions, (ii) “bridging” fraud proceeds from the Solana blockchain over to the Ethereum blockchain, (iii) exchanging fraud proceeds into Monero, an anonymized and particularly difficult cryptocurrency to trace, and (iv) using overseas cryptocurrency exchanges.”
It was, however, after the alleged crime was committed that things got even more interesting, in terms of the negotiations that then took place. Based on the allegations in the indictment, almost immediately after the attack, the Crypto Exchange initiated public communications on the blockchain with the unidentified “hacker” in order to seek the return of the stolen funds. In these public statements, the Crypto Exchange indicated, among other things, that it would refer the attack to law enforcement if the stolen funds were not returned, and it offered to pay the then-unidentified hacker $800,000 for the return of all the stolen funds. A few days after the attack, Ahmed, using an encrypted email service based overseas, contacted the Crypto Exchange and stated that he would return a portion of the stolen funds (all but $2.5 million of the about $9 million stolen) if the Crypto Exchange agreed not to refer the attack to law enforcement for investigation. In response, on or about July 6, 2022, the Crypto Exchange restated its original figure of $800,000. On or about July 7, 2022, Ahmed indicated that he intended to keep $1.8 million of the stolen cryptocurrency. Later that same day, though, Ahmed returned all but approximately $1.5 million of the cryptocurrency that had been stolen.
The indictment also included details of Ahmed’s internet activity after the attack, including the following internet searches:
- white collar criminal defense attorneys with expertise in cryptocurrency
- DeFi hacks prosecution
- wire fraud
- how to prove malicious intent
- how to stop federal government from seizing assets
- evidence laundering
- can I cross the border with crypto
- buying citizenship
- 16 countries where your investments can buy citizenship
There is an obvious lesson for all from the fact that the government was able to include in the indictment such details concerning the manner in which the crime was executed, as well as the defendant’s internet activity.
Ahmed was arraigned on July 11. He is under house arrest in his Manhattan apartment until his trial, pursuant to a $1.5 million bond.