Key takeaways:
- The “first-ever criminal case” involving an attack on a smart contract run by a DEX was announced.
- A senior security engineer is accused of stealing $9 million in cryptocurrencies from a decentralized exchange.
A former security engineer at an international technology company has been detained and accused of stealing $9 million in cryptocurrencies from a decentralized exchange on Solana via a smart contract glitch.
The “first-ever criminal case” involving an attack on a smart contract run by a decentralized exchange (DEX) was announced by Damian Williams, United States Attorney for the Southern District of New York, on June 11.
According to the DOJ’s press release, Shakeeb Ahmed was able to “fraudulently obtain” $9 million worth of cryptocurrencies from an unidentified decentralized cryptocurrency exchange (DEX) by fabricating price data to produce fees that he was then able to withdraw.
According to Williams, the attack took place in July 2022 and was directed at a Solana-based DEX. The attack involved using flash loans to generate inflated fees by taking advantage of a weakness in the exchange’s smart contracts.
He then withdrew the fees and laundered them via a series of intricate blockchain transfers in which he traded cryptocurrencies, bounced between multiple crypto blockchains, and used international cryptocurrency exchanges.
Most of the money was later returned by the exploiter, although he was permitted to keep $1.6 million as a white hat bounty. Williams’s statement also mentioned that Ahmed returned all of the stolen money, with the exception of $1.5 million, in exchange for the crypto exchange not reporting the incident to law enforcement. He stated:
“None of those actions covered the defendant’s tracks or fooled law enforcement, and they certainly didn’t stop my office or our law enforcement partners from following the money.”
Although the DOJ did not specifically name the DEX, the description fits the theft from Crema Finance, a Solana-based DEX, that occurred last year. In July of last year, the attacker stole more than $9 million from the DEX, returning around $8 million and keeping roughly $1.7 million.
Ahmed was detained in New York and charged with wire fraud and money laundering in connection with the July 2022 attack on the Solana-based DEX.
In June, a British hacker was given a five-year prison sentence in the United States for his involvement in an April 2019 SIM swap attack that resulted in the theft of cryptocurrencies valued at $794,000.