The U.S. Attorney’s Office for the Southern District of New York has indicted Shakeeb Ahmed, a computer security engineer based in New York, for defrauding a decentralized cryptocurrency exchange of $9 million. The DEX, operating on the Solana blockchain, remains unnamed in the indictment, but the details mirror the July 2022 Crema Finance hack.
Stealing (and laundering) millions
Ahmed allegedly exploited a vulnerability in one of the DEX’s smart contracts, inserting fraudulent pricing data that resulted in the generation of inflated fees, amounting to approximately $9 million. He was also accused of utilizing “flash loans” to further defraud the exchange, reportedly borrowing millions of dollars, then depositing them in the DEX’s liquidity pool, and subsequently withdrawing the funds, claiming a hefty percentage as fees.
The indictment also alleges that Ahmed attempted to launder the stolen funds through intricate transfers across blockchains and international exchanges. He tried bridging funds from Solana to Ethereum and even exchanged the illicit proceeds into Monero, a cryptocurrency well-known for its high level of anonymity and difficulty to trace.
“Can I cross the border with crypto?”
Intriguingly, two days following the attack, Ahmed conducted internet searches for “DeFi hack” and read news articles on his own hack. His search history also included inquiries for “wire fraud” and “evidence laundering.” Moreover, Ahmed seemingly explored escape routes, conducting searches regarding his ability to flee the U.S., avoid extradition, and protect his stolen assets. His searches included phrases like “can I cross border with crypto,” “how to stop federal government from seizing assets,” and “buying citizenship.”
Following the hack, Ahmed reportedly proposed a deal to return the majority of the stolen funds to the exchange, holding back $1.5 million for himself, in exchange for the DEX not reporting the incident to law enforcement. His offer also included enlightening the DEX on their technical vulnerabilities.
This case follows another DOJ indictment of blockchain fraud in the same week related to NFTs. Ahmed now faces charges of wire fraud and money laundering, with a potential maximum sentence of 20 years in prison.
Editor’s note: This article was written by an nft now staff member in collaboration with OpenAI’s GPT-4.