Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Former Security Engineer Sentenced to Prison for Hacking Crypto Exchanges

Former security engineer Shakeeb Ahmed was sentenced to prison for hacking and defrauding cryptocurrency exchanges.

Shakeeb Ahmed, a former senior security engineer, was sentenced to three years in prison for hacking and defrauding two cryptocurrency exchanges.

Ahmed, 34, of New York, New York, was arrested in July 2023, one year after the attacks occurred. He pleaded guilty in December.

According to court documents, in early July 2022, Ahmed defrauded a decentralized cryptocurrency exchange of roughly $9 million.

By exploiting a smart contract vulnerability, Ahmed faked price data and generated inflated fees that he then withdrew in the form of cryptocurrency. He then contacted the exchange and agreed to return all the funds, except for $1.5 million, which he would keep as a bounty.

At the end of July 2022, Ahmed targeted a second decentralized crypto exchange, Nirvana Finance, by exploiting a different vulnerability in the exchange’s smart contracts, which enabled him to purchase cryptocurrency at lower prices than allowed. He then sold the virtual assets to Nirvana at a higher price.

Nirvana offered him a bug bounty reward of $600,000 in exchange for the stolen funds, but he asked for $1.4 million instead and ended up keeping all the assets, after failing to reach an agreement with the exchange.

Advertisement. Scroll to continue reading.

Ahmed then used multiple techniques, such as token-swap transactions, exchanging the proceeds in other cryptocurrency, bridging the assets between blockchains, and using cryptocurrency mixers and overseas exchanges.

According to the court documents, Ahmed worked at an international technology company at the time of the attacks. While the company has not been named, Ahmed’s LinkedIn profile suggests he was working at Amazon.

In addition to the prison term, Ahmed was sentenced to three years of supervised release and ordered to forfeit approximately $12.3 million and pay over $5 million in restitution to the victim cryptocurrency exchanges.

Related: Moldovan Operator of Credential Marketplace Sentenced to US Prison

Related: LockBit Ransomware Affiliate Sentenced to Prison in Canada

Related: DraftKings Hacker Sentenced to 18 Months in Prison

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

James Phillips has been promoted to the role of Vice President, Cybersecurity Risk Management at AT&T.

Rafal Los has joined Binary Defense as Chief Strategy Officer.

Tracey Mustacchio has joined Everfox as Chief Marketing Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.