A former security engineer for an international technology firm has been arrested and charged for allegedly using a smart contract bug to steal $9 million in cryptocurrency from a Solana-based decentralized crypto exchange.
On June 11, the United States Attorney for the Southern District of New York Damian Williams announced the “first-ever criminal case” involving an attack on a smart contract operated by a decentralized exchange (DEX).
In a statement, Williams claims the accused — Shakeeb Ahmed — “used his expertise to defraud the exchange and its users and steal approximately $9 million in cryptocurrency.”
U.S. Attorney Damian Williams announces the first-ever criminal case involving an attack on a smart contract operated by a decentralized cryptocurrency exchange
— US Attorney SDNY (@SDNYnews) July 11, 2023
Williams said the attack was carried out in July 2022 and was aimed at a Solana-based DEX.
The attack involved exploiting a vulnerability in the exchange’s smart contracts to generate inflated fees with flash loans.
These were then withdrawn and laundered through a “series of complex transfers on the blockchain where he swapped cryptocurrencies, hopped across different crypto blockchains, and used overseas crypto exchanges.”
While Williams did not disclose the DEX that was exploited in July, previous reporting from Cointelegraph reveals an unknown hacker exploited Solana-based liquidity protocol Crema Finance on July 2, 2022, stealing $9.6 million in cryptocurrency.
The exploiter later returned most of the funds but was allowed to keep $1.6 million as a white hat bounty.
Similarly, Williams’ statement noted that Ahmed decided to return all of the stolen funds except for $1.5 million on condition that the crypto exchange did not refer the attack to law enforcement.
“None of those actions covered the defendant’s tracks or fooled law enforcement, and they certainly didn’t stop my Office or our law enforcement partners from following the money,” he said.
Ahmed was arrested in New York and has been indicted on charges of wire fraud and money laundering related to the attack on the Solana-based DEX in July 2022.
Cointelegraph contacted Crema Finance for clarification but did not immediately receive a response.
Responding to the recent news, crypto and startup lawyer “Orlando.btc” commented that the move could be good for the overall DeFi ecosystem.
The indictment indicates that the Department of Justice will “pursue criminal charges if a person intentionally uses a protocol in a way that it was not *intended* to be used.”
1/ Today, the US Attorney’s Office for SDNY announced criminal charges for exploiting a DEX on @solana.
What does it mean for the rest of crypto?
Your favorite startup founder & crypto lawyer read the indictment so you don’t have to.
Let’s dig in. https://t.co/NskuEeWgHn
— orlando.btc ⌐◨-◨ (@Orlando_btc) July 11, 2023