Tech worker accused in $9 million crypto platform hack

The Justice Department announced the arrest of a cybersecurity professional accused of hacking into a cryptocurrency exchange and stealing about $9 million.

Shakeeb Ahmed, 34, was charged Tuesday with wire fraud and money laundering connected to an attack on a cryptocurrency exchange on July 2, 2022. Prosecutors did not name where he worked, but TechCrunch reported that he was an Amazon employee at some point.

Recorded Future News found a LinkedIn account with the name “Shakeeb A.” As of Wednesday morning, the account was unavailable. Amazon did not respond to requests for comment.

The platform also is not named, but several cryptocurrency experts tied the indictment to the July 2022 attack on Crema Finance, which had about $9 million in cryptocurrency stolen.

U.S. Attorney Damian Williams said Ahmed “used his expertise to defraud the exchange and its users and steal approximately $9 million in cryptocurrency.”

“We also allege that he then laundered the stolen funds through a series of complex transfers on the blockchain where he swapped cryptocurrencies, hopped across different crypto blockchains, and used overseas crypto exchanges,” Williams said.

“But none of those actions covered the defendant’s tracks or fooled law enforcement, and they certainly didn’t stop my Office or our law enforcement partners from following the money.”

U.S. Attorney Damian Williams announces the first-ever criminal case involving an attack on a smart contract operated by a decentralized cryptocurrency exchange pic.twitter.com/j3JPv2L612

— US Attorney SDNY (@SDNYnews) July 11, 2023

Ahmed was arrested in New York on Tuesday morning and appeared before U.S. Magistrate Judge Robert W. Lehrburger.

He is accused of exploiting a vulnerability on the crypto exchange’s platform that allowed anyone to insert fake pricing data and generate $9 million dollars’ worth of fees that the platform pays to users who deposited cryptocurrency. He also conducted flash loan attacks — when a hacker uses a fast, uncollateralized loan to target vulnerabilities in a project's design — to make even more money from the platform, prosecutors said.

Ahmed eventually returned what was stolen from the platform in exchange for a $1.5 million “bounty” — facts that line up with what happened to Crema Finance. He took the bounty in exchange for guarantees that the platform would not notify law enforcement of what he did.

The Justice Department noted that Ahmed’s work as a security engineer gave him the kind of skills needed to pull off the hack, including “reverse engineering smart contracts and blockchain audits.”

The indictment lists Ahmed’s internet searches after he conducted the hack, alleging he looked for:

• News of the attack
• Information on the kind of charges someone would face for conducting a hack
• Criminal defense attorneys with experience with cybercrime
• Law enforcement’s ability to investigate cyberattacks
• Tips on fleeing the U.S. to avoid criminal charges
• How to avoid extradition
• How to keep stolen cryptocurrency
• How to cross the border with cryptocurrency
• How to stop the federal government from seizing assets
• How to buy citizenship

If convicted, Ahmed is facing a maximum sentence of 20 years in prison.

This is the second notable arrest connected to an attack on a crypto platform after the DOJ nabbed and charged Avraham Eisenberg in December for an alleged $100 million hack of crypto platform Mango Markets.

Like Ahmed, Eisenberg returned a portion of the funds and took a “bounty” under the agreement that the platform would not notify the police.

Chad Plantz, special agent in charge for Homeland Security Investigations, said in a statement that the Ahmed’s alleged activity “strikes at the core of our national and economic banking security.”

“Ruthless and reckless attempts aimed to sabotage legitimate commerce for greed must be stopped,” Plantz said.