- Shakeeb Ahmed, a senior security engineer, is accused of hacking a crypto exchange and stealing $9 million.
- Ahmed’s expertise in smart contract reverse engineering and blockchain audits facilitated the attack.
- The indictment reveals Ahmed’s attempts to launder the stolen funds through complex blockchain transactions.
A cybersecurity professional in the United States is facing allegations from the government for hacking a cryptocurrency exchange and stealing roughly $9 million worth of cryptocurrency. The case presents a fascinating situation where an ethical hacker appears to have gone rogue, only to later attempt to restore their ethical standing.
On Tuesday, the U.S. Attorney’s Office of the Southern District of New York issued a press release revealing the indictment of 34-year-old Shakeeb Ahmed. Described as a “senior security engineer” employed by an international technology company, Ahmed’s resume showcased proficiency in various areas, including reverse engineering smart contracts and conducting blockchain audits. These specialized skills allegedly played a crucial role in facilitating the execution of the attack, as outlined in the announcement.
In the document, U.S. Attorney Damian Williams stated:
This is the second case we are announcing this week to shed light on fraud in the cryptocurrency and digital asset ecosystem. As alleged in the indictment, Shakeeb Ahmed, who was a senior security engineer at an international technology company, used his expertise to defraud the exchange and its users and steal approximately $9 million in cryptocurrency.
U.S. Attorney Damian Williams
Additionally, the accusation includes the allegation that Ahmed engaged in the process of laundering the stolen funds through intricate transfers on the blockchain. This involved exchanging cryptocurrencies, traversing various crypto blockchains, and utilizing overseas crypto exchanges. However, these efforts to conceal his actions and mislead law enforcement proved futile. Neither did they hinder the progress of my office nor our collaborative law enforcement partners in successfully tracking the flow of funds.
According to Ahmed’s LinkedIn profile, he held the position of senior security engineer at Amazon. A spokesperson for Amazon named August Aldebot-Green informed TechCrunch that Ahmed is no longer working for the company.
Although the prosecutors did not disclose the identity of the victim, CoinDesk, a cryptocurrency news website, reported that the details and timing of the hack align with the attack on Crema Finance, a Solana-based exchange, which occurred in early July 2022. The dates mentioned in the allegations, July 2 and 3, correspond to the timeframe when Ahmed purportedly hacked an unnamed exchange.
During that incident, the hacker returned approximately $8 million worth of cryptocurrency while retaining the remainder. This information was previously reported. The press release from the U.S. Department of Justice (DOJ) prosecutors stated that Ahmed “engaged in communications with the Crypto Exchange, offering to return all of the stolen funds except for $1.5 million, on the condition that the Crypto Exchange refrained from involving law enforcement in the matter.”
The federal authorities emphasized that Ahmed, who stands accused of wire fraud and money laundering, utilized the expertise gained from his employment to carry out the theft.
In the press release, Special Agent in Charge Tyler Hatcher, working for the IRS Criminal Investigation’s Cyber Crimes Unit (IRC-CI), stated, “Ahmed used his skills as a computer security engineer to steal millions of dollars. He then allegedly attempted to conceal the stolen funds, but his abilities were no match for IRC-CI’s Cyber Crimes Unit.”
According to the indictment, Ahmed allegedly took advantage of a vulnerability within the exchange and introduced “fake pricing data” to generate inflated fees worth millions of dollars. Although these fees were not legitimately earned, Ahmed managed to withdraw them successfully.
Subsequently, the authorities claim that Ahmed engaged in a process of laundering the stolen cryptocurrency through various transactions. These included token swapping and transferring the proceeds from the Solana blockchain to the Ethereum blockchain, among other techniques.
Moreover, the indictment suggests that Ahmed conducted online searches related to the hack, his own potential criminal liability, legal experts with experience in similar cases, the feasibility of law enforcement investigating such an attack, and the possibility of fleeing the United States to evade criminal charges.
