urlscan.io logo urlscan.io
SecurityTrails logo

therecord.media Open in urlscan Pro
2606:4700:4400::ac40:9b4b  Public Scan

Back to summary
Submitted URL: https://go.recordedfuture.com/e3t/Ctc/F7+113/c1CFj04/VVqCw033PJH0W6Yjmny486VdrVmLt1V57bkRsN8BHR6v3lYMRW7Y8-PT6lZ3m5VYRYWW1Bl3H...
Effective URL: https://therecord.media/guilty-plea-cryptocurrency-exchange-thefts-nirvana?utm_medium=email&_hsmi=286906285&_hsenc=p2ANq...
Submission: On December 18 via api from BE — Scanned from DE

Form analysis 1 forms found in the DOM

<form><span class="text-black text-sm icon-search"></span><input type="text" name="s" placeholder="Search…" value=""><button type="submit">Go</button></form>

Text Content

This website stores cookies on your computer. These cookies are used to improve
your website experience and provide more personalized services to you, both on
this website and through other media. To find out more about the cookies we use,
see our Privacy Policy.

Accept


 * Leadership
 * Cybercrime
 * Nation-state
 * Elections
 * Technology

 * Cyber Daily®
 * Click Here Podcast

Go
Subscribe to The Record
✉️ Free Newsletter
Daryna Antoniuk
December 15th, 2023
 * Cybercrime
 * News

 * 
 * 
 * 
 * 
 * 

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.


NY ENGINEER PLEADS GUILTY TO STEALING MILLIONS FROM TWO CRYPTO EXCHANGES

A former security engineer for an international tech company pleaded guilty in
federal court to hacking two decentralized cryptocurrency exchanges.

As a result of these hacks in July 2022, U.S. citizen Shakeeb Ahmed, 34,
illegally obtained over $12 million, according to the U.S. Department of
Justice. Ahmed agreed to forfeit those funds, including more than $5 million in
restitution to victims. He faces a maximum sentence of five years in prison.

Ahmed exploited vulnerabilities in the smart contracts of the two exchanges: one
called Nirvana Finance and another unspecified exchange based on the currency
Solana. Smart contracts are digital agreements with the terms of the contract
directly written into code. Decentralized exchanges allow people to trade
cryptocurrency directly, peer-to-peer, with an intermediary.

Ahmed’s case is the first-ever conviction involving an attack on a smart
contract, said Damian Williams, the U.S. attorney for the Southern District of
New York.

In his first attack on the unnamed crypto exchange, Ahmed exploited a
vulnerability in one of its smart contracts by inserting fake pricing data,
causing the contract to generate approximately $9 million in inflated fees.

After withdrawing these fees, Ahmed agreed to return all of the stolen funds,
except for $1.5 million, if the crypto exchange agreed not to refer the attack
to law enforcement.

Although the targeted platform wasn't named, several cryptocurrency experts
previously linked Ahmed's previous indictment to the July 2022 attack on Crema
Finance, where about $9 million in cryptocurrency was stolen.

A few weeks after his first hack, Ahmed also targeted Nirvana Finance by using
an exploit in its smart contract to purchase the platform’s own crypto token at
a low price and sell it back to the platform at a high price. In this way, he
obtained approximately $3.6 million in illegal profit, almost all the funds
possessed by the exchange.

Nirvana offered him a bounty of up to $600,000, but Ahmed demanded more. With no
agreement reached, Ahmed kept all the stolen funds, leading to the platform's
shutdown.

In a statement on Friday, Nirvana Finance said that if Ahmed returns the stolen
money, the cash will be distributed to those affected by the hack based on their
exposure at the time of the theft.

At the time of both attacks, Ahmed worked for a tech company in New York.
Prosecutors did not name the company, but TechCrunch reported in July that he
was an Amazon employee at some point. His resume stated that he was well-versed
in reverse engineering of smart contracts and blockchain audits — skills he used
to execute the hacks.

After the thefts, Ahmed tried to cover his tracks by exchanging the stolen money
for Monero — a cryptocurrency designed to offer enhanced privacy and anonymity
for its users, making transactions difficult to trace. He also utilized
cryptocurrency mixers, switched between different blockchains, and used overseas
crypto exchanges.

Worried about getting caught, he considered leaving the U.S. Police discovered
that he searched online for information about his hacks, as well as websites
related to his ability to flee the U.S., avoid extradition, and keep his stolen
cryptocurrency.

For example, he searched for terms like “can I cross the border with crypto,"
"how to stop the federal government from seizing assets," and "buying
citizenship." He also visited a website titled "16 countries where your
investments can buy citizenship."

 * 
 * 
 * 
 * 
 * 

Tags
 * cryptocurrency
 * decentralized finance
 * guilty plea
 * New York
 * cryptocurrency exchange
 * cryptocurrency heist

Previous articleNext article
Central Bank of Lesotho facing outages after cyberattack
Four charged for laundering funds in $80 million pig butchering scheme


DARYNA ANTONIUK



Daryna Antoniuk is a freelance reporter for Recorded Future News based in
Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe
and the state of the cyberwar between Ukraine and Russia. She previously was a
tech reporter for Forbes Ukraine. Her work has also been published at Sifted,
The Kyiv Independent and The Kyiv Post.


BRIEFS

 * Four charged for laundering funds in $80 million pig butchering
   schemeDecember 15th, 2023
 * Kraft Heinz reviewing claims of cyberattack but internal systems ‘operating
   normally’December 14th, 2023
 * Iran-linked hackers develop new malware downloaders to infect victims in
   IsraelDecember 14th, 2023
 * FCC updates data breach rules, with consumers in mindDecember 14th, 2023
 * New hacker group uses old attack methods to breach Asian gambling
   companiesDecember 14th, 2023
 * Section 702 extension inches closer after Senate approves temporary
   renewalDecember 14th, 2023
 * Sony investigating potential ransomware attack on Insomniac Games
   unitDecember 13th, 2023
 * Russian national with alleged Hive ransomware ties arrested in ParisDecember
   13th, 2023
 * Ukraine’s intelligence claims cyberattack on Russia’s state tax
   serviceDecember 12th, 2023


AGGRESSIVE MALIGN INFLUENCE THREATENS TO SHAPE US 2024 ELECTIONS


Aggressive Malign Influence Threatens to Shape US 2024 Elections


OBFUSCATION AND AI CONTENT IN THE RUSSIAN INFLUENCE NETWORK “DOPPELGÄNGER”
SIGNALS EVOLVING TACTICS


Obfuscation and AI Content in the Russian Influence Network “Doppelgänger”
Signals Evolving Tactics


CRYPTO COUNTRY: NORTH KOREA’S TARGETING OF CRYPTOCURRENCY


Crypto Country: North Korea’s Targeting of Cryptocurrency


AS BLACK FRIDAY APPROACHES, 3 KEY TRENDS OFFER INSIGHTS FOR MITIGATING ONLINE
SHOPPING SCAMS


As Black Friday Approaches, 3 Key Trends Offer Insights for Mitigating Online
Shopping Scams


IMPROVING AUTOMATION AND ACCESSIBILITY DRIVE $100 BILLION IN PROJECTED AD FRAUD
LOSSES


Improving Automation and Accessibility Drive $100 Billion in Projected Ad Fraud
Losses
 * 
 * 
 * 
 * 

 * Privacy
 * About
 * Contact Us

© Copyright 2023 | The Record from Recorded Future News