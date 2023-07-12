Former senior security engineer, Shakeeb Ahmed, has been charged with wire fraud and money laundering in connection with his attack on a decentralized cryptocurrency exchange (the

As alleged in the Indictment:

The Crypto Exchange was incorporated overseas and operates on the Solana blockchain. At all relevant times, the Crypto Exchange allowed users to exchange different kinds of cryptocurrencies and paid fees to users who deposited cryptocurrency to provide liquidity on the Crypto Exchange.

In July 2022, Ahmed carried out an attack on the Crypto Exchange by exploiting a vulnerability in one of the Crypto Exchange’s smart contracts and inserting fake pricing data to fraudulently cause that smart contract to generate approximately $9 million dollars’ worth of inflated fees that Ahmed did not legitimately earn, which fees Ahmed was able to withdraw from the Crypto Exchange in the form of cryptocurrency. This conduct defrauded the Crypto Exchange and its users, whose cryptocurrency Ahmed had fraudulently obtained. Additional details regarding the attack, including Ahmed’s use of cryptocurrency “flash loans” to further defraud the Crypto Exchange, are described in the Indictment publicly filed today.

After he stole the fees he never legitimately earned, Ahmed had communications with the Crypto Exchange in which he decided to return all of the stolen funds except for $1.5 million if the Crypto Exchange agreed not to refer the attack to law enforcement.

At the time of the attack, Ahmed was a senior security engineer for an international technology company* whose resume reflected skills in, among other things, reverse engineering smart contracts and blockchain audits, which are some of the specialized skills Ahmed used to execute the attack.

Ahmed laundered the millions in fees that he stole from the Crypto Exchange to conceal their source and ownership, including through (i) conducting token-swap transactions, (ii) “bridging” fraud proceeds from the Solana blockchain over to the Ethereum blockchain, (iii) exchanging fraud proceeds into Monero, an anonymized and particularly difficult cryptocurrency to trace, and (iv) using overseas cryptocurrency exchanges.

After the attack, Ahmed searched online for information about the attack, his own criminal liability, criminal defense attorneys with expertise in similar cases, law enforcement’s ability to successfully investigate the attack, and fleeing the United States to avoid criminal charges. For example, approximately two days after the attack, Ahmed conducted an internet search for the term “defi hack,” read several news articles about the hack of the Crypto Exchange, and visited several pages on the Crypto Exchange’s website. As another example, Ahmed conducted internet searches or visited websites related to the charges in the indictment, including by searching for the term “wire fraud” and for the term “evidence laundering.” Finally, Ahmed also conducted internet searches or visited websites related to his ability to flee the United States, avoid extradition, and keep his stolen cryptocurrency: he searched for the terms “can I cross border with crypto,” “how to stop federal government from seizing assets,” and “buying citizenship”; and he visited a website titled “16 Countries Where Your Investments Can Buy Citizenship . . .”

Ahmed, 34, of New York, New York, is charged with wire fraud and money laundering, each of which carry a maximum sentence of 20 years in prison.

*Media reports suggest that Ahmed was employed as a senior security engineer at Amazon.