Ex-Security Engineer Indicted for Stealing $9M in Crypto

Shakeeb Ahmed, a former security engineer for an international technology company, was arrested for money laundering and wire fraud after perpetrating a vicious attack on a decentralized cryptocurrency exchange, the US Attorney’s Office for the Southern District of New York announced in a press release on July 11. This is the first criminal case involving an attack on a DEX-operated smart contract.

HSI and IRS worked on the case

The unsealing of the indictment was announced by US Attorney Damian Williams, Chad Plantz of the Office of Homeland Security Investigations (HSI), and Tyler Hatcher of the Internal Revenue Service – Criminal Investigation Unit (IRS-CI.)

A complex crime

The perpetrator was arrested yesterday morning in New York City. He stole around $9 million in cryptocurrency from exchange users. Then, he transferred the funds on the blockchain in series, swapping crypto and using exchanges based abroad.

The attacked exchange was based on Solana and incorporated overseas. In July last year, he exploited a vulnerability in one of its smart contracts. He entered fake pricing data, causing the manipulated smart contract to generate fees of approximately $9 million. Then, he withdrew the fees from the exchange in the form of cryptocurrency.

He agreed to return some of the money

Ahmed got in touch with the exchange after stealing the fees and said he would return $7.5 million if they didn’t tell law enforcement about the attack.

He laundered the money by carrying out token swaps, running them over a “bridge” from the Solana blockchain to the Ethereum Mainnet, and using crypto exchanges based abroad. He also exchanged some funds for the Monero token, an anonymized crypto that’s particularly challenging to trace.

The 34-year-old blockchain auditing expert, who is well-versed in reverse engineering smart contracts, has been charged with wire fraud and money laundering. He faces a maximum sentence of 40 years in prison.