New York prosecutor charges hacker over $9M exploit of Solana-based exchange

Published on:

A former security engineer for an international technology firm has been arrested and charged for allegedly using a smart contract bug to steal $9 million in cryptocurrency from a Solana-based decentralized crypto exchange.

On June 11, the United States Attorney for the Southern District of New York, Damian Williams, announced the “first-ever criminal case” involving an attack on a smart contract operated by a decentralized exchange (DEX).

In a statement, Williams claims the accused — Shakeeb Ahmed — “used his expertise to defraud the exchange and its users and steal approximately $9 million in cryptocurrency.”

Williams said the attack was carried out in July 2022 and was aimed at a Solana-based DEX.

The attack involved exploiting a vulnerability in the exchange’s smart contracts to generate inflated fees with flash loans.

These were then withdrawn and laundered through a “series of complex transfers on the blockchain where he swapped cryptocurrencies, hopped across different crypto blockchains, and used overseas crypto exchanges.”

While Williams did not disclose the DEX exploited in July, previous reporting from Cointelegraph reveals an unknown hacker exploited Solana-based liquidity protocol Crema Finance on July 2, 2022, stealing $9.6 million in cryptocurrency.

The exploiter later returned most of the funds but was allowed to keep $1.6 million as a white hat bounty.

Similarly, William’s statement also noted that Ahmed returned all the stolen funds except for $1.5 million on condition the crypto exchange did not refer the attack to law enforcement.

Read more:  Circle Launches euro-backed Stablecoin on Avalanche!

“None of those actions covered the defendant’s tracks or fooled law enforcement, and they certainly didn’t stop my office or our law enforcement partners from following the money,” he said.

Ahmed was arrested in New York and has been indicted on charges of wire fraud and money laundering related to the attack of the Solana-based DEX in July 2022.

Cointelegraph contacted Crema Finance for clarification but did not immediately receive a response.

Related: Crypto hacks and exploits snatch over $300M in Q2 2023

Responding to the recent news, crypto and startup lawyer Orlando.btc commented that the move could be good for the overall decentralized finance ecosystem.

The indictment indicates that the U.S. Department of Justice will “pursue criminal charges if a person intentionally uses a protocol in a way that it was not *intended* to be used.”

Collect this article as an NFT to preserve this moment in history and show your support for independent journalism in the crypto space.

Magazine: Should crypto projects ever negotiate with hackers? Probably