Former Amazon Engineer Hacked 2 Crypto Exchanges

Former Amazon engineer Shakeeb Ahmed has admitted to orchestrating a significant hacking operation. This complex heist stole over $12.3 million from two cryptocurrency exchanges in July 2022.

The Ingenious Former Amazon Engineer

The two compromised entities were Nirvana Finance, a decentralized crypto exchange, and an unnamed platform operating on Solana. Utilizing his profound knowledge in blockchain audit and smart contract reverse engineering, Ahmed executed these sophisticated attacks.

His first move targeted the unnamed crypto exchange. Ingeniously, he manipulated a smart contract to insert false pricing data. This clever ploy generated about $9 million in inflated fees. After withdrawing these funds, Ahmed attempted to negotiate. He offered to return the sum, minus $1.5 million, if the exchange stayed silent and did not involve law enforcement.

While the Justice Department didn’t explicitly identify the victim, the details align closely with another breach. That development hit the Crema Finance decentralized finance (DeFi) platform in July 2022.

Second Heist: Exploiting Nirvana Finance

Not stopping there, the former Amazon engineer soon targeted Nirvana Finance. He exploited a loophole in the DeFi protocol‘s smart contract. By taking a flash loan of ANA cryptocurrency tokens at a low price and selling them at a higher rate, he netted approximately $3.6 million.

Despite a $300,000 bounty offer to return the stolen assets, Ahmed held onto his loot. This total represented all funds owned by Nirvana Finance. His refusal to settle for $1.4 million forced the exchange to cease operations.

To hide his tracks, Ahmed employed several tactics. He used cryptocurrency mixers, including Samourai Whirlpool, and leveraged the Solana and Ethereum blockchains. He also engaged foreign exchanges to convert his stolen millions into Monero. This cryptocurrency is known for its enhanced privacy and anonymity, making it a choice tool for concealing illicit activities.

Ahmed’s online activities revealed his determination to avoid capture. He researched strategies for fleeing the United States, evading asset seizures, and acquiring citizenship in various countries. These actions demonstrated his intent to escape legal repercussions.

The Historic Amazon Engineer Arrest and Guilty Plea

U.S. Attorney Damian Williams highlighted the significance of this case. “Five months ago, my Office announced the first-ever arrest involving an attack on a smart contract. Today, Ahmed’s guilty plea marks the first-ever conviction for such a hack,” he stated.

Ahmed’s admission also revealed his involvement in the unsolved Nirvana Finance hack. His technical skills enabled him to amass over $12 million. He attempted to cover his actions by swapping stolen crypto for Monero. Plus, he used mixers, moved across blockchains, and utilized foreign exchanges.

The former Amazon engineer has pled guilty to a single computer fraud charge, a crime carrying a maximum five-year prison term. He has also committed to compensating his victims. Moreover, he will forfeit the full hacking proceeds.