In the Southern District of New York court on December 14, a software engineer pleaded guilty to one count of computer fraud concerning the hack of Nirvana Finance and an unnamed decentralized cryptocurrency exchange. This conviction marks the first-ever instance related to smart contract hacking, as highlighted by the U.S. Attorney’s Office.
Shakeeb Ahmed, identified as a "senior security engineer at an international technology company," faced arrest in July due to his alleged involvement in a hack of an undisclosed exchange around July 2 and 3, 2022. The U.S. Attorney's Office stated that Ahmed targeted the cryptocurrency exchange by exploiting a smart contract vulnerability, causing the contract to incur inflated fees of approximately $9 million by manipulating pricing data.
Despite returning almost all of the funds, retaining only $1.5 million, Ahmed agreed not to report the attack to law enforcement. Following his arrest, Ahmed confessed to another incident - the $3.49 million flash loan scam at Nirvana Finance occurring later that month. Nirvana had offered Ahmed a $300,000 reward to return funds stolen during the Twitter hack (now X).
Negotiations between Ahmed and Nirvana Finance took place regarding the bounty, but Ahmed chose to sell all his ANA coins, resulting in substantial profit and the eventual collapse of Nirvana Finance. The statement further revealed that Ahmed employed his technical expertise to steal over $12 million and attempted to cover his tracks by exchanging stolen cryptocurrency for Monero, using cryptocurrency mixers, and employing overseas cryptocurrency exchanges. Ahmed, a U.S. citizen and resident of New York City, had been released on bail after his initial arrest in July. His sentencing is scheduled for March 13, 2024.
