After orchestrating a series of hacks on two decentralized cryptocurrency exchanges (DEXs) that stole more than $12 million worth of crypto, former security engineer Shakeeb Ahmed was sentenced today to three years in prison, this is the first-ever smart contract hacking conviction in the US.
Ahmed was also ordered to forfeit the stolen crypto and pay restitution to the affected exchanges.
Engineer Exploits Crypto Vulnerabilities In $12 Million Hacks
According to charging documents and court filings, Ahmed conducted two separate attacks on decentralized exchanges. In the first incident, which took place on July 2 and 3, 2022, he manipulated fake pricing data to generate approximately $9 million in inflated fees. Subsequently, Ahmed withdrew these fees in the form of cryptocurrency.
Following the theft, Ahmed communicated with the exchange, offering to return the stolen funds, except $1.5 million, if the exchange did not involve law enforcement.
Shortly after, on July 28, 2022, Ahmed targeted another decentralized exchange called Nirvana Finance. Exploiting a vulnerability in Nirvana’s smart contracts, he purchased crypto assets at a lower price than intended and promptly resold them back to Nirvana at a higher price.
Despite Nirvana offering a substantial “bug bounty” of up to $600,000 for the return of the stolen…