The US Department of Justice has arrested and charged a computer security engineer in connection with a multi-million dollar hack of a cryptocurrency exchange.
34-year-old Shakeeb Ahmed was arrested this week in New York and charged with crimes which could carry up to 20 years in prison.
According to local media reports, Ahmed appeared in court wearing flip-flops, shorts, and a t-shirt emblazoned with the message "I code."
Prosecutors allege that in July 2022 Ahmed, who is currently listed as a senior security engineer at Amazon, used his skills to uncover a vulnerability in a smart contracts operated on an overseas cryptocurrency exchange to insert fake pricing information, and fraudulently generate approximately $9 million for himself.
Although unnamed in the indictment, TechCrunch has linked details of the case to the July 2022 attack on Crema Finance, an exchange on the Solana blockchain.
In that case, Crema Finance's hacker ended up eventually returning funds stolen from the platform in exchange for a "bounty" worth $1.5 million. Whoever attack Crema Finance must have hoped that that would have meant that law enforcement wouldn't investigate the hack - something which, if found guilty, Ahmed will have plenty of time to think about.
US Attorney Damian Williams alleges that Ahmed laundered the stolen funds "through a series of complex transfers on the blockchain where he swapped cryptocurrencies, hopped across different crypto blockchains, and used overseas crypto exchanges."
According to authorities, after laundering the millions of fees that had been stolen from the cryptocurrency exchange, Ahmed then searched online for information about the hack, his own criminal liability, how to flee the United States to avoid criminal charges, and - perhaps presciently - criminal defence attorneys who had experience in such cases.
Amongst the terms allegedly searched for by Ahmed according to prosecutors:
In addition, Ahmed is said to have visited a website called "16 Countries Where Your Investments Can Buy Citizenship...”
Ahmed has pled not guilty to the charges, and according to the firm is no longer employed by Amazon. More details of the case can be found in the DOJ's indictment against Shakeeb Ahmed.
tags
Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.
View all postsNovember 14, 2024
September 06, 2024