The US today announced the arrest of Shakeeb Ahmed on charges related to the defrauding of a decentralized cryptocurrency exchange in 2022.
Ahmed, 34, of New York, has been charged with wire fraud and money laundering in connection with a scheme involving flash loans and inflated fees that were not legitimately earned.
According to an indictment unsealed today, in July 2022, Ahmed exploited a smart contract vulnerability, defrauding the crypto exchange and its users of roughly $9 million.
After stealing the funds, Ahmed, who at the time was a senior security engineer at an international technology company, specialized in smart contracts and blockchain audits, contacted the crypto exchange and returned most of the funds, except for roughly $1.5 million he kept as a bounty.
While the indictment does not name the impacted crypto exchange, the description of the attack suggests that Ahmed defrauded Crema Finance, which announced on July 4, 2022, that hackers had used this mechanism to steal roughly $8.8 million worth of assets.
Three days later, Crema Finance announced that the hacker had agreed to take a “white hat bounty” of approximately $1.68 million, but that he returned the rest of the stolen assets.
The wire fraud and money laundering charges against Ahmed carry a prison sentence of up to 20 years each. Ahmed was arrested in New York this morning, the US Department of Justice announced, noting that this is the “first criminal case involving an attack on a smart contract operated by a decentralized cryptocurrency exchange”.
Related: Interpol: Key Member of Major Cybercrime Group Arrested in Africa
Related: Russian National Arrested, Charged in US Over Role in LockBit Ransomware Attacks
Related: Spain Arrests Hackers in Crackdown on Major Criminal Organization