Shakeeb Ahmed, a former senior security engineer, was sentenced to three years in prison for hacking and defrauding two cryptocurrency exchanges.
Ahmed, 34, of New York, New York, was arrested in July 2023, one year after the attacks occurred. He pleaded guilty in December.
According to court documents, in early July 2022, Ahmed defrauded a decentralized cryptocurrency exchange of roughly $9 million.
By exploiting a smart contract vulnerability, Ahmed faked price data and generated inflated fees that he then withdrew in the form of cryptocurrency. He then contacted the exchange and agreed to return all the funds, except for $1.5 million, which he would keep as a bounty.
At the end of July 2022, Ahmed targeted a second decentralized crypto exchange, Nirvana Finance, by exploiting a different vulnerability in the exchange’s smart contracts, which enabled him to purchase cryptocurrency at lower prices than allowed. He then sold the virtual assets to Nirvana at a higher price.
Nirvana offered him a bug bounty reward of $600,000 in exchange for the stolen funds, but he asked for $1.4 million instead and ended up keeping all the assets, after failing to reach an agreement with the exchange.
Ahmed then used multiple techniques, such as token-swap transactions, exchanging the proceeds in other cryptocurrency, bridging the assets between blockchains, and using cryptocurrency mixers and overseas exchanges.
According to the court documents, Ahmed worked at an international technology company at the time of the attacks. While the company has not been named, Ahmed’s LinkedIn profile suggests he was working at Amazon.
In addition to the prison term, Ahmed was sentenced to three years of supervised release and ordered to forfeit approximately $12.3 million and pay over $5 million in restitution to the victim cryptocurrency exchanges.
Related: Moldovan Operator of Credential Marketplace Sentenced to US Prison
Related: LockBit Ransomware Affiliate Sentenced to Prison in Canada
