Shakeeb Ahmed, a computer security engineer, has been sentenced to three years in prison followed by three years of supervised release by the Southern District of New York (SDNY) court. Ahmed's conviction marks the first for smart contract hacking, according to U.S. Attorney Damian Williams. The charges stem from flash loan attacks conducted on decentralized cryptocurrency exchanges, including the Nirvana exchange, in 2022.
As part of the sentencing, Ahmed has been ordered to forfeit $12.3 million along with a significant amount of cryptocurrency. Additionally, he is required to pay $5 million in damages to the affected exchange. Despite offering to return most of the stolen funds to the Crypto Exchange, excluding $1.5 million, negotiations with Nirvana fell through. Ahmed demanded $1.4 million of the $3.6 million he stole from Nirvana, leading to no agreement.
Following the hack, Nirvana's NIRV stablecoin decoupled from the U.S. dollar, and its native ANA coin plummeted by 85%, ultimately resulting in the exchange's closure. The SDNY's statement outlined Ahmed's laundering of the hacked funds through various means, including token exchange transactions, bridging fraud proceeds between blockchains, and utilizing cryptocurrency mixers like the Samourai Whirlpool.
Notably, federal charges did not directly link Ahmed to a similar attack on Crema exchange in July 2022. During the time of the attack, Ahmed was employed as a senior security engineer for an international technology company. Bloomberg reports that he currently serves as the technical lead for Amazon's bug bounty program. While released on bail, Ahmed has transitioned to working at a mental health care startup, as reported by Inner City Press. Ahmed expressed remorse during his trial, stating that he witnessed the hack and found a way to exploit the exchange's smart contracts. He underwent therapy while facing charges and ultimately pleaded guilty to one count of computer fraud in December.
