Ex-Security Engineer Charged Over $9M Cryptocurrency Theft
On June 11, United States Attorney for the Southern District of New York, Damian Williams, announced charges against Shakeeb Ahmed, a former security engineer. Accused of exploiting a smart contract bug, Ahmed allegedly stole $9 million in cryptocurrency from a Solana-based decentralized crypto exchange (DEX).
An Unprecedented Case of Smart Contract Exploitation
This case is the “first-ever criminal case” involving an attack on a smart contract operated by a decentralized exchange (DEX), according to the statement by Williams. Ahmed, exploiting a vulnerability in the DEX’s smart contracts, allegedly generated inflated fees using flash loans.
Covering Tracks Through the Blockchain
Ahmed allegedly laundered the stolen funds through a “series of complex transfers on the blockchain”. This involved swapping cryptocurrencies, hopping across different crypto blockchains, and using overseas crypto exchanges.
Previous Attacks on Solana-Based DEX
A similar incident took place on July 2, 2022, when an unknown hacker exploited Solana-based liquidity protocol Crema Finance, stealing $9.6 million in cryptocurrency. Most of the stolen funds were later returned by the exploiter, who kept $1.6 million as a white hat bounty.
Returning Stolen Funds, but Not Enough to Avoid Charges
Ahmed returned all but $1.5 million of the stolen funds on the condition that the crypto exchange would not refer the attack to law enforcement. But these actions did not cover his tracks or fool law enforcement, according to Williams.
Implications for the DeFi Ecosystem
The arrest and indictment of Ahmed send a strong message to the DeFi community. The indictment indicates that the Department of Justice (DOJ) is prepared to “pursue criminal charges if a person intentionally uses a protocol in a way that it was not intended to be used,” according to crypto and startup lawyer “Orlando.btc”. The move is seen as potentially beneficial to the overall DeFi ecosystem.