Shakeeb Ahmed’s conviction set a precedent case following the Thursday, December 14, guilty plea for orchestrating the Nirvana Finance exploit in July. The Department of Justice revealed that the 34-year-old New York native awaits his sentencing in March after pleading guilty to orchestrating two exploits involving decentralized crypto exchanges (DEX).
The Justice Department revealed that Ahmed pled guilty to the July exploit of Solana-based decentralized finance (DeFi) protocol Nirvana Finance. The hacker agreed to forfeit stolen funds that the DoJ estimated to exceed $12 million in value.
Security Engineer Guilty Plea in Precedent Conviction for Smart Contracts Exploit
New York’s Southern District attorney Damian Williams hailed the case as a precedent conviction for hack involving smart contracts. The statement indicated that the security engineering expert exploited the vulnerabilities in smart contracts utilized in the decentralized exchanges to automate transactions.
The prosecutors revealed that Ahmed had tricked the DeFi platform into granting $9 million in fee payments in July. The submission indicated that he targeted the Solana-based Nirvana Finance into stealing its entire holdings of $3.6 million through smart contracts manipulation.
Ahmed was arrested in July this year, which the attorney’s office declared the first arrest involving a smart contract.
The Thursday statement disclosed that the senior security engineer attempted to conceal the proceeds by tapping crypto mixing services, remittance to overseas accounts and blockchain transfers.
Ahmed considered token-swap transactions to conceal ownership and source. In particular, he bridged the fraud proceeds by hopping from the Solana to the Ethereum blockchain.
Ahmed exchanged the stolen funds into Monero, known for anonymizing and concealing traceability. Besides, he utilized the crypto mixing platform Samourai Whirlpool.
The attorney’s statement indicated that Ahmed had inquired about how to avoid prosecution through citizenship acquisition and laundering evidence at the time of the arrest.
The indictment statement illustrated that the charges levelled against the security engineer on the July attack exposed his role in the unsolved Nirvana Finance Exploit. He agreed to surrender the embezzled funds to the victims.
The crypto exchange allowed the users to swap their cryptocurrencies. The platform remitted fees to users who deposited cryptos that generated liquidity to the DEX.
A review of the documents submitted before the U.S. Magistrate Judge Ona Wang, Ahmed had in early July last year exploited the vulnerability in the DEX’s smart contracts. In particular, he inserted fake pricing data, forcing the smart contract into generating inflated fees of $9 million worth of crypto.
Although not legitimately earned, Ahmed withdrew the fees via cryptos. The action defrauded the DEX and its users of their invaluable cryptos. Efforts to recover the stolen funds from Ahmed turned futile as he offered to return but hold $1.5 M provided the crypto exchange would not refer the exploit to law enforcement.
Hacker Exploits Nirvana Finance Design’s Vulnerability
The prosecutors submitted that Ahmed leveraged a $10M flash loan to execute an attack on Nirvana Finance. He had earlier discovered a vulnerability in the smart contracts utilized by Nirvana.
Nirvana featured a unique operating model to acquire crypto and sell the native crypto token ANA. It ran on a unique design that caused the price to surge whenever the user acquired a substantial ANA quantity. In contrast, ANA price would decline whenever a user disposed of a considerable quantity.
Ahmed acquired ANA at a lower price compared to the price that Nirvana ought to charge relative to the purchased size. He resold the ANA when it adjusted to reflect the huge purchase, realizing a $3.6 million profit.
The statement indicated that Nirvana offered the exploiter $600,000 as a bug bounty, demanding he return the funds. Ahmed turned down and instead issued $1.4 million in a counteroffer. The DeFi’s team refused, prompting the hacker to retain the entire loot.
The $3.6M funds stolen by the security engineer represented almost all the holdings of the Solana-based DEX, prompting its imminent shutdown.
Williams hailed the conviction as illustrative of the regulator’s resolve to pursue fraud irrespective of its sophisticated nature. He indicated that Ahmed faces sentencing on March 13 before Judge Victor Marrero.
The hacker could face a five-year imprisonment for orchestrating computer fraud.
SureTradeGroup.com is not responsible for the content, accuracy, quality, advertising, products or any other content posted on the site. Some of the content on this site is paid content that is not written or posted by our writers or editors and the opinions expressed do not reflect the opinions of this website. Any disagreement you may have with brands or companies mentioned in articles will need to be taken care of directly with those specific brands and companies. The responsibility of anyone who may click links in our articles and ultimately sign up for that product or service is their own. Forex, Stocks, Cryptocurrencies, NFTs and Dogital Tokens are all a high-risk asset, investing in them can lead to losses. Readers should do their own research before taking any action.