Former Amazon Engineer Sentenced to Three Years in Prison for Hacking Crypto Exchanges
Former Amazon employee and cybersecurity specialist Shakeeb Ahmed has been sentenced to three years in prison for hacking two cryptocurrency exchanges in 2022, stealing over $12 million. After his release, Ahmed, who previously pleaded guilty, will spend an additional three years under government supervision, return the stolen $12.3 million, and pay restitution to both affected companies.
Details of the Hacks
According to the U.S. Department of Justice, in 2022 Ahmed used his skills in reverse engineering smart contracts and blockchain auditing to hack the decentralized crypto exchange Nirvana Finance, stealing about $3.5 million. He also targeted an unnamed exchange built on the Solana blockchain, stealing over $9 million.
Interestingly, after the second theft, Ahmed contacted the management of the affected company and returned most of the stolen funds, keeping about $1.5 million as a “reward” for discovering the vulnerability.
Although the name of the second exchange was not officially disclosed, experts have long concluded that it was Crema Finance. In 2022, Crema Finance lost about $9 million in a hack, and days later, the company announced that the hacker agreed to accept a “reward” of approximately $1.68 million and returned the remaining assets.
The Nirvana Finance Incident
Ahmed attempted a similar scheme with Nirvana Finance. He exploited a vulnerability in the DeFi protocol’s smart contract and conducted a flash loan attack using ANA tokens purchased at a low price. He later sold the tokens at a higher price, netting about $3.6 million.
The affected company tried to recover the stolen crypto assets by offering Ahmed a $600,000 reward. However, Ahmed refused and demanded $1.4 million instead. Ultimately, the company and the hacker failed to reach an agreement, leading to Nirvana Finance shutting down, with Ahmed keeping all the stolen funds.
Covering His Tracks
Investigators found that after the hacks, Ahmed tried to cover his digital tracks by using several cryptocurrency mixers, including Samourai Whirlpool, as well as the Solana and Ethereum blockchains and foreign exchanges to convert the stolen millions into Monero.
The indictment also listed some of Ahmed’s search queries after the attacks, including: “tips for fleeing the U.S. to avoid criminal charges,” “how to avoid extradition,” “how to keep stolen cryptocurrency,” and “how to buy citizenship.”