We previously reported on the indictment of Shakeeb Ahmed. According to the charging documents and other filings and statements made in court, the facts were as follows: In July 2022, Ahmed carried out an attack on a cryptocurrency exchange, the Crypto Exchange, by exploiting a vulnerability in one of the Crypto Exchange’s smart contracts and inserting fake pricing data to fraudulently cause that smart contract to generate approximately $9 million dollars’ worth of inflated fees that Ahmed did not legitimately earn.
After the crime, things turned more interesting. Almost immediately after the attack, the Crypto Exchange initiated public communications on the blockchain with the then-unidentified “hacker” in order to seek the return of the stolen funds. In these public statements, the Crypto Exchange indicated, among other things, that it would refer the attack to law enforcement if the stolen funds were not returned, and it offered to pay the hacker $800,000 for the return of all the stolen funds. Ahmed, using an encrypted email service based overseas, contacted the Crypto Exchange and stated that he would return a portion of the stolen funds (all but $2.5 million of the about $9 million stolen) if the Crypto Exchange agreed not to refer the attack to law enforcement for investigation. In response, on or about July 6, 2022, the Crypto Exchange restated its original figure of $800,000. On or about July 7, 2022, Ahmed indicated that he intended to keep $1.8 million of the stolen cryptocurrency. Later that same day, though, Ahmed returned all but approximately $1.5 million of the cryptocurrency that had been stolen.
Ahmed pled guilty not only to the Crypto Exchange theft, but also to a previously unsolved second multi-million-dollar hack, this time of decentralized finance protocol Nirvana Finance. Those facts were as follows, according to the government: “On or about July 28, 2022, a few weeks after the hack of the Crypto Exchange, Ahmed carried out an attack on Nirvana in which he took out a flash loan for approximately $10 million, used those funds to purchase ANA [Nirvana’s native cryptocurrency token] from Nirvana, and used an exploit he discovered in Nirvana’s smart contracts to purchase the ANA at its initial, low price, rather than at the higher price that Nirvana was designed to charge him in light of the size of his purchase. When the price of ANA updated to reflect his large purchase, Ahmed resold the ANA he had purchased to Nirvana at the new, higher price, resulting in a profit to him of approximately $3.6 million. Nirvana offered Ahmed a “bug bounty” of as much as $600,000 to return the stolen funds, but Ahmed instead demanded $1.4 million, did not reach agreement with Nirvana, and kept all the stolen funds. The $3.6 million Ahmed stole represented approximately all the funds possessed by Nirvana, which as a result shut down shortly after Ahmed’s attack.”
The indictment also included details of Ahmed’s internet activity after the attack, including the following internet searches: white collar criminal defense attorneys with expertise in cryptocurrency, DeFi hacks prosecution, and 16 countries where your investments can buy citizenship.
Ahmed pled guilty to one count of computer fraud. He agreed to forfeit over $12.3 million, including paying restitution to his victims totaling $5,071,074.23. He faces a maximum sentence of five years in prison. The U.S. Attorney for the Southern District of New York stated, “In total, Ahmed used his technical knowhow to steal over $12 million and tried to cover his tracks by swapping stolen crypto for Monero, using cryptocurrency mixers, hopping across blockchains, and utilizing overseas crypto exchanges. Today’s conviction shows that no matter how sophisticated the methods used, fraud is fraud, and we will swiftly catch and convict you.”