A resident of New York, Shakib Akhmed, has been sentenced to 3 years in prison for hacking two crypto exchanges and stealing cryptocurrencies worth over $5 million. According to data from the prosecutor’s office, this is the first case of a conviction for hacking a smart contract.
Akhmed carried out the first attack on a cryptocurrency exchange on July 2 and 3, 2022, manipulating prices to generate around $9 million in high commissions. After the theft, he offered to return the stolen funds, except for $1.7 million, if the exchange did not report the attack to law enforcement. Akhmed received $1.7 million as a reward, with the remaining $7.3 million returned to the platform.
Although the prosecutors did not identify the targeted exchange, news sources suggest it was Crema Finance, a Solana exchange, based on the provided description and dates matching the incident in early July 2022.
A few weeks later, on July 28, Akhmed attacked another exchange, Nirvana Finance, exploiting a smart contract vulnerability to buy cryptocurrency at a lower price and sell it at a higher price. Despite Nirvana offering a reward of up to $600,000 for a refund, Akhmed demanded $1.4 million and absconded with $3.6 million, leading to the exchange’s closure.
To conceal the origin of the stolen funds, Akhmed used various methods, such as exchanging tokens, transferring funds between blockchains (from SOLANA to Ethereum), utilizing anonymous cryptocurrencies (Monero), and cryptocurrency mixers (Samourai Whirlpool). However, these efforts to conceal the source of the funds were unsuccessful.
At the time of the attacks, Akhmed was a senior security engineer at an international tech company, with expertise in reverse engineering smart contracts and auditing blockchain, skills that aided in the hacks.
The specific company where Akhmed worked was not disclosed by the ministry, but his LinkedIn profile indicated employment at Amazon. Representatives from Amazon confirmed his past affiliation with the company but stated that he was no longer employed there.
In December 2023, Shakib Akhmed pleaded guilty to hacking two decentralized exchanges and misappropriating digital assets worth more than $5 million. In addition to the prison sentence, Akhmed will be under three years of probation