"Former Security Engineer Sentenced to Prison for Hacking Crypto Exchanges"

Recently, Shakeeb Ahmed, a former senior security engineer, was sentenced to three years in prison for hacking and defrauding two cryptocurrency exchanges.  Ahmed, 34, of New York, New York, was arrested in July 2023, one year after the attacks occurred.  He pleaded guilty in December.  According to the Department of Justice (DoJ), in early July 2022, Ahmed defrauded a decentralized cryptocurrency exchange of roughly $9 million.  By exploiting a smart contract vulnerability, Ahmed faked price data and generated inflated fees that he then withdrew in the form of cryptocurrency.  He then contacted the exchange and agreed to return all the funds except for $1.5 million, which he would keep as a bounty.  The DoJ noted that at the end of July 2022, Ahmed targeted a second decentralized crypto exchange, Nirvana Finance, by exploiting a different vulnerability in the exchange’s smart contracts, which enabled him to purchase cryptocurrency at lower prices than allowed.  He then sold the virtual assets to Nirvana at a higher price.  Nirvana offered him a bug bounty reward of $600,000 in exchange for the stolen funds, but he asked for $1.4 million instead and ended up keeping all the assets after failing to reach an agreement with the exchange.  The DoJ said that Ahmed used multiple techniques, such as token-swap transactions, exchanging the proceeds in other cryptocurrency, bridging the assets between blockchains, and using cryptocurrency mixers and overseas exchanges.  In addition to the prison term, Ahmed was sentenced to three years of supervised release and ordered to forfeit approximately $12.3 million and pay over $5 million in restitution to the victim cryptocurrency exchanges.

SecurityWeek reports: "Former Security Engineer Sentenced to Prison for Hacking Crypto Exchanges"