Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Fraud & Identity Theft

Former Security Engineer Arrested for $9 Million Crypto Exchange Hack

Former security engineer Shakeeb Ahmed has been arrested on charges related to the defrauding of decentralized crypto exchange Crema Finance.

The US today announced the arrest of Shakeeb Ahmed on charges related to the defrauding of a decentralized cryptocurrency exchange in 2022.

Ahmed, 34, of New York, has been charged with wire fraud and money laundering in connection with a scheme involving flash loans and inflated fees that were not legitimately earned.

According to an indictment unsealed today, in July 2022, Ahmed exploited a smart contract vulnerability, defrauding the crypto exchange and its users of roughly $9 million.

After stealing the funds, Ahmed, who at the time was a senior security engineer at an international technology company, specialized in smart contracts and blockchain audits, contacted the crypto exchange and returned most of the funds, except for roughly $1.5 million he kept as a bounty.

While the indictment does not name the impacted crypto exchange, the description of the attack suggests that Ahmed defrauded Crema Finance, which announced on July 4, 2022, that hackers had used this mechanism to steal roughly $8.8 million worth of assets.

Three days later, Crema Finance announced that the hacker had agreed to take a “white hat bounty” of approximately $1.68 million, but that he returned the rest of the stolen assets.

The wire fraud and money laundering charges against Ahmed carry a prison sentence of up to 20 years each. Ahmed was arrested in New York this morning, the US Department of Justice announced, noting that this is the “first criminal case involving an attack on a smart contract operated by a decentralized cryptocurrency exchange”.

Advertisement. Scroll to continue reading.

Related: Interpol: Key Member of Major Cybercrime Group Arrested in Africa

Related: Russian National Arrested, Charged in US Over Role in LockBit Ransomware Attacks

Related: Spain Arrests Hackers in Crackdown on Major Criminal Organization

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.

Register

Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.

Register

Expert Insights

Related Content

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Fraud & Identity Theft

Famed hacker Kevin Mitnick has died after a battle with pancreatic cancer.  At the time of his death, he was Chief Hacking Officer at...

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...

Cybercrime

Deepfakes, left unchecked, are set to become the cybercriminals’ next big weapon

Cybercrime

A threat actor tracked as ‘Scattered Spider’ is targeting telecommunications and business process outsourcing (BPO) companies in an effort to gain access to mobile...

Fraud & Identity Theft

A team of researchers has demonstrated a new attack method that affects iPhone owners who use Apple Pay and Visa payment cards. The vulnerabilities...

Cybercrime

While there are likely many different approaches, here are a few points that are important for enterprises to consider when evaluating bot solutions.