Full text: US announces first criminal case involving attack on DEX smart contract.

US announces first criminal case for DEX smart contract attack.

Compilation | Wu Shuo Blockchain

The US Department of Justice announced its first criminal case involving an attack on a DEX operating smart contract. Shakeeb Ahmed, a senior security engineer at an international technology company, used his expertise to defraud a decentralized exchange on Solana and its users, stealing approximately $9 million worth of cryptocurrency. After stealing the unlawfully obtained fees, he negotiated with the cryptocurrency exchange, offering to return the stolen funds if the exchange agreed not to report the attack to law enforcement, but demanded to keep $1.5 million. Ahmed has been charged with wire fraud and money laundering, each carrying a maximum sentence of 20 years in prison.

While the name of the DEX was not mentioned in the indictment, it may be related to the Crema Finance hack that occurred on the Solana infrastructure last year. At that time, a hacker stole $9 million worth of cryptocurrency assets through a flash loan attack, but later returned most of the cash.

Below is a Chinese translation of the full text of the US Department of Justice press release:

• What is Web4.0 mentioned in the EU’s “Initiative” document? What is its relationship with Web3.0?
• Interpreting Google Play’s Digital Assets Policy: NFTs are allowed to appear in apps and games, but mining on devices is not allowed.
• After Arkham, which data tools still haven’t released their own tokens?

Damian Williams, the US Attorney for the Southern District of New York, Chad P. Readler, the Special Agent in Charge of Homeland Security Investigations (“HSI”) San Diego, and Taylor Hatcher, the Special Agent in Charge of the IRS-Criminal Investigation (“IRS-CI”) Los Angeles Field Office, announced the unsealing of an Indictment charging SHAKEEB AHMED with wire fraud and money laundering in connection with his attack on a decentralized cryptocurrency exchange (“cryptocurrency exchange”). AHMED was arrested this morning in New York and will be presented before United States Magistrate Judge Robert W. Lehrburger this afternoon.

“This is the second case we’ve announced this week to expose fraudulent conduct in the cryptocurrency and digital asset ecosystem,” said US Attorney Damian Williams. “As alleged, Shakeeb Ahmed, a senior security engineer at an international technology company, used his expertise to defraud the exchange and its users, stealing approximately $9 million worth of cryptocurrency. We also charge that he then laundered the proceeds of his fraud through a series of complex transfers on the blockchain, exchanging cryptocurrencies, cross-chain on different cryptocurrency blockchains, and using overseas cryptocurrency exchanges. But these actions did not cover the defendant’s tracks, did not deceive law enforcement, and certainly did not stop my office or our law enforcement partners from tracking this money.”

HSI Special Agent in Charge Chad Pradelli said: “Financial crime strikes at the core of our country and the security of our economy and banks. Faced with attacks of this magnitude, we must ensure that consumers continue to have confidence in our financial system. Ruthless and reckless attempts to disrupt legitimate business to satisfy greed must be stopped. Cases like this demonstrate HSI’s commitment and ability to dismantle these complex and highly technical fraud schemes in partnership with willing alliances and identify those responsible wherever they operate.”

IRS-CI Special Agent in Charge Taylor Haugh said: “Ahmed allegedly used his skills as a computer security engineer to steal millions of dollars. He then allegedly tried to hide the stolen funds, but his skills were no match for the IRS Criminal Investigation Division’s Cyber Crimes Unit. We, along with our partners at HSI and the Department of Justice, are at the forefront of cyber investigations and we will track these fraudsters no matter where they try to hide and hold them accountable.”

According to the indictment:

The encrypted exchange was registered overseas and operated on the Solana blockchain. At all relevant times, the encrypted exchange allowed users to exchange different types of cryptocurrencies and paid fees to depositors who provided liquidity on the exchange.

In July 2022, Ahmed launched an attack on the encrypted exchange, using a vulnerability in a smart contract of the exchange and inserting assumed price data to fraudulently cause the smart contract to generate an excess fee of approximately $9 million, which Ahmed did not legally obtain. Ahmed was able to extract these fees from the encrypted exchange in the form of cryptocurrency. This behavior defrauded the encrypted exchange and its users, whose cryptocurrencies were fraudulently obtained by Ahmed. Additional details about the attack, including Ahmed’s use of cryptocurrency “flash loans” to further defraud the exchange, are described in the indictment filed today.

After stealing the funds he did not legally obtain, Ahmed communicated with the encrypted exchange and decided that if the exchange agreed not to report the attack to law enforcement, he would return all stolen funds, except for $1.5 million.

During the attack, AHMED, a senior security engineer at an international technology company, utilized his specialized skills in reverse engineering smart contracts and blockchain audits, among other things, to execute the attack. AHMED laundered the millions of dollars he stole from the cryptocurrency exchange to conceal the source and ownership of the funds, including by conducting token exchange transactions, transferring fraudulently obtained funds from the Solana blockchain to the Ethereum blockchain, converting fraudulently obtained funds to Monero, an anonymized and particularly difficult-to-trace cryptocurrency, and using overseas cryptocurrency exchanges.

After the attack, AHMED conducted online searches for information about the attack, his criminal liability, criminal defense attorneys specializing in such cases, law enforcement agency success in investigating the attack, and information about avoiding criminal charges and fleeing the United States. For example, approximately two days after the attack, AHMED searched for the term “defi hack,” read several news articles about the exchange being hacked, and visited several pages on the exchange’s website. Another example is that AHMED searched for or visited websites related to the charges in the indictment, including searching for the words “telecom fraud” and “evidence laundering”. Finally, AHMED also searched for or visited websites about his ability to flee the United States, avoid extradition, and retain the stolen cryptocurrency: he searched for terms such as “can I travel with cryptocurrency,” “how to prevent federal government from seizing assets,” and “buying citizenship”; and visited a website titled “16 countries where you can buy citizenship with your investments.”

AHMED, age 34, of New York, New York, is charged with telecommunications fraud and money laundering, each of which carries a maximum sentence of 20 years in prison.

The maximum potential sentence is prescribed by Congress and is provided here for informational purposes only, as any sentencing of the defendant will be determined by the judge.

Mr. Williams commended HSI and IRS-CI for their outstanding work. Mr. Williams also thanked the Southern District of California United States Attorney’s Office for its assistance in this investigation.

The case is being prosecuted by the Office’s Money Laundering and Transnational Criminal Enterprises Unit and Complex Frauds and Cybercrime Unit. Assistant United States Attorneys David R. Felton and Kevin Mead are prosecuting the case.

The charges in the indictment are merely accusations, and the defendant is presumed innocent unless and until proven guilty.

News release link:

https://www.justice.gov/usao-sdny/pr/former-security-engineer-international-technology-company-arrested-defrauding

We will continue to update Blocking; if you have any questions or suggestions, please contact us!