cybersecurity professional is accused of stealing $9 million in cryptocurrency – The United States government accused a cybersecurity professional of hacking a cryptocurrency exchange and stealing approximately $9 million in cryptocurrency, in what appears to be an instance of an ethical hacker going rogue and then attempting to appear ethical again.
The United States Attorney’s Office for the Southern District of New York announced the indictment of Shakeeb Ahmed, 34, in a press release on Tuesday, describing him as “a senior security engineer for an international technology company whose resume reflected skills in, among other things, reverse engineering smart contracts and blockchain audits, which are some of the specialized skills AHMED used to execute the attack.”
While the prosecutors did not name the victim, cryptocurrency news website Coindesk reported that the description and date of the hack match an attack on Crema Finance, a Solana-based exchange, that occurred in early July 2022, around the same time — July 2 and 3 — that Ahmed is accused of hacking the unnamed exchange.
According to reports at the time, the hacker ended up returning roughly $8 million in cryptocurrency and retaining the rest. Prosecutors from the Department of Justice stated in a press statement that Ahmed “had communications with the Crypto Exchange in which he decided to return all of the stolen funds except $1.5 million if the Crypto Exchange agreed not to refer the attack to law enforcement.”
This is a pretty typical approach in the worlds of cryptography and web3. In the past, hackers who stole cryptocurrency and offered to return some of it by personally bargaining with victims were referred to as “white hats,” cybersecurity jargon for hackers with good intentions. Clearly, these hackers have co-opted a phrase with a rather clear and established definition for conduct that, to say the least, exists in a murky area.
And, as this case demonstrates, returning some of your crypto riches does not mean you will not be prosecuted.
The feds emphasized that Ahmed, who is accused of wire fraud and money laundering, used the skills he obtained at his day job to carry out his unlawful act.
“Ahmed used his skills as a computer security engineer to steal millions of dollars. He then allegedly tried to hide the stolen funds, but his skills were no match for IRS Criminal Investigation’s Cyber Crimes Unit,” Special Agent in Charge Tyler Hatcher of IRC-CI, the IRS’s criminal investigation department, is quoted in the news release as saying.
According to the indictment, Ahmed reportedly exploited a vulnerability in the exchange and inserted “fake pricing data to fraudulently generate millions of dollars’ worth of inflated fees,” which he did not actually earn but was nevertheless able to withdraw.
The stolen crypto was then reportedly laundered by Ahmed “through a series of transactions,” including token swaps and “bridging” the revenues from the Solana blockchain to the Ethereum blockchain, among other things, according to the FBI.
Later, Ahmed is said to have searched the internet for information on the breach, “his own criminal liability,” attorneys with experience in similar cases, if law enforcement might investigate such an attack, and “fleeing the United States to avoid criminal charges.”