Nirvana Finance Hacker pleaded guilty and forfeited $12.3 million.

Key Takeaways

Ahmed agreed to forfeit $12.3 million and pay $5 million in restitution.

Hackers can face up to five years in prison.

Shakeeb Ahmed, a senior security engineer at an international technology company, pleaded guilty in a New York court on Thursday in connection with two high-profile cryptocurrency hacks. Ahmed, who was arrested in July, was implicated in attacks on decentralized exchange Nirvana Finance and an unnamed cryptocurrency exchange.

The first hack involved Nirvana Finance, a decentralized finance (DeFi) protocol that lost approximately $3.5 million in 2022 due to a flash loan exploit. Ahmed used a sophisticated approach to leverage flash loans and exploit vulnerabilities in Nirvana smart contracts.

A smart contract is a piece of code on a blockchain that automatically executes the terms of a contract off-chain. Despite Nirvana’s attempts to negotiate a return through a $600,000 bounty, no agreement was reached, leading to the closure of Nirvana Finance.

The second hack targeting a private cryptocurrency exchange occurred in July 2022. Ahmed manipulated smart contract vulnerabilities to inject fake pricing data, earning inflated fees of approximately $9 million. Despite returning most of the funds, Ahmed kept $1.5 million. The exchange decided not to involve law enforcement in exchange for Ahmed returning most of his funds.

As part of his guilty plea, Ahmed agreed to forfeit $12.3 million in assets and pay an additional $5 million in restitution to his victims. This is the first time the U.S. Department of Justice (DOJ) has convicted someone for hacking a smart contract, a landmark case as it comes under increasing scrutiny of cybercriminals exploiting vulnerabilities in the cryptocurrency space.

Ahmed’s actions extended beyond actual hacking. He used sophisticated techniques to launder stolen funds. These include token swap transactions, bridging fraud profits between blockchains, exchanging funds with the privacy-focused cryptocurrency Monero, and utilizing cryptocurrency mixers for anonymity.

The hacker, who is currently facing charges of wire fraud and money laundering, could face up to five years in prison. His sentencing date is March 13, 2024.

In 2017, Parity Wallet hackers again migrated $ETH, the leading AI API for developers. According to a report from Elliptic, more than $100 million worth of NFTs were stolen last year. Quantstamp agreed to pay $3.4 million to settle SEC fees for its unregistered ICO.