Nirvana Finance Exploit Solved? Security Engineer Pleads Guilty in $12M Crypto Hack

It seems like yet ANOTHER hack is shaking up the crypto space. But this time, the perpetrator is owning up. 

Shakeeb Ahmed, a former security engineer for an international technology company, admits to hacking Nirvana Finance and another unnamed decentralized cryptocurrency exchange, a historic first for smart contract breaches.

Admitting Fraud 

In a press release by the Southern District of New York, the United States Attorney announced the guilty plea today of Shakeeb Ahmed in connection with his hack of two separate decentralized cryptocurrency exchanges, one of which was the July 2022 hack of Nirvana Finance.  

Ahmed pled guilty to computer fraud before U.S. Magistrate Judge Ona T. Wang and agreed to return all of the stolen crypto to his victims.  Ahmed also agreed to forfeit over $12.3 million, including forfeiture of approximately $5.6 million in fraudulently obtained cryptocurrency.

In a statement, U.S. Attorney Damian Williams outlined the accused’s attempts to cover his tracks.

“In total, Ahmed used his technical know-how to steal over $12 million and tried to cover his tracks by swapping stolen crypto for Monero, using cryptocurrency mixers, hopping across blockchains, and utilizing overseas crypto exchanges.  Today’s conviction shows that no matter how sophisticated the methods used, fraud is a fraud, and we will swiftly catch and convict you.”

Understanding the Hacking Procedure 

On July 2 and 3, 2022, Ahmed attacked the unspecified Crypto Exchange by exploiting a vulnerability in one of the exchange’s smart contracts and inserting fake pricing data to fraudulently cause that smart contract to generate approximately $9 million worth of inflated fees that he did not legitimately earn.

After the heist, he communicated with the Crypto Exchange and agreed to return all of the stolen funds except for $1.5 million if the exchange agreed not to refer the attack to law enforcement.

And He Continued…

Nirvana was the second decentralized finance protocol that Ahmed hacked. On or about July 28, 2022, a few weeks after the hack of the Crypto Exchange, Ahmed carried out an attack on Nirvana in which he took out a flash loan for approximately $10 million, used those funds to purchase ANA from Nirvana, and used an exploit he discovered in Nirvana’s smart contracts to purchase the ANA at its initial, low price, rather than at the higher price.

When the price of ANA was updated to reflect his large purchase, Ahmed resold the ANA he had purchased to Nirvana at the new, higher price, resulting in a profit of approximately $3.6 million. 

Despite Nirvana’s $600,000 bug bounty offer, Ahmed demanded $1.4 million, leading to a standoff. The fallout from his $3.6 million heist proved fatal for Nirvana, which collapsed shortly after.

All’s Well That Ends Well?

Ahmed laundered the millions he stole using sophisticated techniques, including token-swap transactions; bridging fraud proceeds from the Solana blockchain over to the Ethereum blockchain; exchanging fraud proceeds into Monero, an anonymized cryptocurrency that is particularly difficult to trace; using overseas cryptocurrency exchanges; and using cryptocurrency mixers such as Samourai Whirlpool.

Now, the 34-year-old has pled guilty to one count of computer fraud, which carries a maximum sentence of five years in prison. He has also agreed to pay restitution to his victims totalling $5 million.

The community awaits the hearing, with final sentencing scheduled for March 13, 2024.
