A US hacker has been sentenced to three years in prison for stealing over $12 million in cryptocurrency from two decentralized exchanges (DEXs).
Exploiting Pricing Data
In July 2022, Shakeeb Ahmed, a security engineer, manipulated pricing data on an unnamed DEX to generate inflated fees worth around $9 million. He then withdrew these fees in crypto, but agreed to return most of the stolen funds in exchange for the exchange not reporting the attack.
Smart Contract Exploit
Later that month, Ahmed targeted a DEX called Nirvana Finance. He exploited the project’s smart contracts to offer artificially low-priced crypto purchases. After buying these devalued assets, he resold them at a higher price to the DEX, stealing $3.6 million worth of crypto. The exploit drained Nirvana’s coffers and forced it to shut down.
Guilty Plea and Sentence
Ahmed pleaded guilty to computer fraud. In addition to his three-year prison sentence, he will serve three years of supervised release. He has been ordered to forfeit over $12 million and a significant amount of cryptocurrency, as well as pay $5 million in restitution to the two DEXs.
First-Ever Smart Contract Hack Conviction
Damian Williams, US Attorney for the Southern District of New York, stated that Ahmed’s prosecution marks the first-ever conviction for the hack of a smart contract. He emphasized the commitment of law enforcement to pursue hackers and hold them accountable for their actions.