Shakeeb Ahmed pleads guilty to hacking Nirvana Finance, unnamed DEX
Shakeeb Ahmed, a senior security engineer, has pleaded guilty to hacking two decentralized exchanges, marking the first-ever conviction for a breach involving smart contracts.
He was charged with wire fraud and money laundering and faces a maximum sentence of five years in prison.
The United States Attorney for the Southern District of New York, Damian Williams, announced Ahmed’s conviction, stating that “Five months ago, my Office announced the first ever arrest involving an attack on a smart contract. Today, senior security engineer Shakeeb Ahmed pled guilty and agreed to return all of the stolen crypto to his victims.”
Ahmed’s guilty plea includes an agreement to surrender $12.3 million, including $5.6 million in cryptocurrency acquired fraudulently. This plea stems from his involvement in exploiting vulnerabilities in the smart contracts of Nirvana Finance and another unnamed decentralized crypto exchange.
The hacking incident, which occurred around July 2 and 3, 2022, involved Ahmed exploiting a smart contract of the unnamed exchange to insert fake pricing data, fraudulently generating about $9 million in inflated fees. Ahmed returned most of the stolen funds, keeping $1.5 million, leading the exchange to decide against reporting the attack to law enforcement.
The case further unraveled following Ahmed’s arrest, revealing his involvement in a $3.49 million flash loan exploit of Nirvana Finance. Despite an initial offer of a $300,000 white hat bounty by Nirvana for the return of the hacked funds, Ahmed sold all the stolen ANA coins for profit, which led to the closure of Nirvana Finance.
Ahmed attempted to cover his tracks by converting the stolen cryptocurrency to Monero, using cryptocurrency mixers, hopping across blockchains, and engaging with overseas crypto exchanges.
A U.S. citizen and New York City resident, Ahmed was released on bail after his July charge and is scheduled for sentencing on March 13, 2024.