Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Former Security Engineer Sentenced to Prison for Hacking Crypto Exchanges

Former security engineer Shakeeb Ahmed was sentenced to prison for hacking and defrauding cryptocurrency exchanges.

Shakeeb Ahmed, a former senior security engineer, was sentenced to three years in prison for hacking and defrauding two cryptocurrency exchanges.

Ahmed, 34, of New York, New York, was arrested in July 2023, one year after the attacks occurred. He pleaded guilty in December.

According to court documents, in early July 2022, Ahmed defrauded a decentralized cryptocurrency exchange of roughly $9 million.

By exploiting a smart contract vulnerability, Ahmed faked price data and generated inflated fees that he then withdrew in the form of cryptocurrency. He then contacted the exchange and agreed to return all the funds, except for $1.5 million, which he would keep as a bounty.

At the end of July 2022, Ahmed targeted a second decentralized crypto exchange, Nirvana Finance, by exploiting a different vulnerability in the exchange’s smart contracts, which enabled him to purchase cryptocurrency at lower prices than allowed. He then sold the virtual assets to Nirvana at a higher price.

Nirvana offered him a bug bounty reward of $600,000 in exchange for the stolen funds, but he asked for $1.4 million instead and ended up keeping all the assets, after failing to reach an agreement with the exchange.

Ahmed then used multiple techniques, such as token-swap transactions, exchanging the proceeds in other cryptocurrency, bridging the assets between blockchains, and using cryptocurrency mixers and overseas exchanges.

According to the court documents, Ahmed worked at an international technology company at the time of the attacks. While the company has not been named, Ahmed’s LinkedIn profile suggests he was working at Amazon.

Advertisement. Scroll to continue reading.

In addition to the prison term, Ahmed was sentenced to three years of supervised release and ordered to forfeit approximately $12.3 million and pay over $5 million in restitution to the victim cryptocurrency exchanges.

Related: Moldovan Operator of Credential Marketplace Sentenced to US Prison

Related: LockBit Ransomware Affiliate Sentenced to Prison in Canada

Related: DraftKings Hacker Sentenced to 18 Months in Prison

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.

Register

People on the Move

Fastly announced that Scott Lovett will join the company as Chief Revenue Officer, effective June 3, 2024.

Digital transformation consulting firm Synechron has hired Aaron Momin as CISO.

Wendy Zheng named as CFO and Joe Diamond as CMO at cyber asset management firm Axonius.

More People On The Move

Expert Insights