US hacker sentenced to three years in prison for stealing over $12 million in cryptocurrency from tw
A US hacker has been sentenced to three years in prison for stealing more than $12 million worth of crypto assets from two decentralized exchanges (DEX).
According to the DOJ, in July 2022, security engineer Shakeeb Ahmed used false pricing data to generate approximately $9 million worth of inflated fees on an unnamed DEX.
Ahmed subsequently withdrew the fees in cryptocurrency, but agreed to return all but $1.5 million of the stolen funds if the exchange agreed not to report the attack to law enforcement.
Later that month, hackers also attacked a DEX called Nirvana Finance, exploiting the project's smart contracts to offer low-priced cryptocurrency purchases. After purchasing the artificially devalued cryptocurrency, Ahmed immediately resold the digital assets to the DEX at a higher price. He successfully exploited this vulnerability to steal $3.6 million worth of cryptocurrency, draining Nirvana's funds and causing the DEX to shut down.
The hacker pleaded guilty to computer fraud and will serve three years of supervised release in addition to his three-year prison sentence. He was also ordered to forfeit approximately $12.3 million and “substantial” amounts of cryptocurrency, as well as pay $5 million worth of restitution to two DEXs.
Damian Williams, the U.S. attorney for the Southern District of New York, said Ahmed’s prosecution was the first-ever conviction for hacking a smart contract.
“No matter how novel or sophisticated the hack, this office and our law enforcement partners are committed to following the funds and bringing the hackers to justice. As today’s sentencing demonstrates, prison time—and the forfeiture of all stolen cryptocurrency—is the inevitable outcome of devastating hacks like these.”