Shakeeb Ahmed, a 34-year-old senior security engineer, admitted to abusing the Nirvana Finance protocol and another unnamed decentralized cryptocurrency exchange, the United States Attorney’s Office for the Southern District of New York. announced on Thursday.
Ahmed agreed to forfeit $12.3 million obtained from the two hacks. He will also pay the victims damages totaling $5 million.
“Five months ago, my office announced the first-ever arrest involving a smart contract attack,” U.S. Attorney Damian Williams said in a statement. “That arrest is now the very first conviction for such a hack.”
Two exploits from 2022
Ahmed was charged with bank fraud and money laundering in July. According to the indictment, he exploited a vulnerability in a smart contract of an unnamed Solana-based exchange that matched Crema Finance’s description. reports.
A few weeks after the initial hack, Ahmed carried out a $3.6 million attack on Nirvana Finance, involving a flash loan and an exploit he discovered in the platform’s smart contracts. Nirvana had offered Ahmed a $600,000 bounty in exchange for the return of the stolen money, but he demanded $1.4 million instead, and the parties never reached an agreement.
Ahmed laundered the funds ‘using sophisticated techniques including token swap transactions, ‘bridging’ fraud proceeds from the Solana blockchain to the Ethereum blockchain, exchanging fraud proceeds into Monero, an anonymized and cryptocurrency is particularly difficult to trace, using foreign cryptocurrency exchanges, and using cryptocurrency mixers such as Samourai Whirlpool,” the statement said.
Ahmed faces a maximum prison sentence of five years. He will be sentenced on March 13.
