A former software security engineer at Amazon, Shakeeb Ahmed, has pleaded guilty to computer fraud charges in connection with the hacking of Nirvana Finance and another unnamed decentralized exchange (DEX). This marks the first conviction of its kind, with Ahmed being the first individual convicted for hacking a smart contract for a DEX.
Ahmed exploited a vulnerability in one of the DEX’s smart contracts, inserting fake pricing data to generate approximately $9 million worth of inflated fees. The attack on Nirvana Finance utilized a flash loan exploit, a type of loan that doesn’t require upfront collateral and repays the borrowed assets within the same transaction block.
After the exploit, Nirvana Finance offered Ahmed a white-hat bounty for returning the stolen funds, which initially started at $300,000 and later increased to $600,000. However, Ahmed did not comply with the request and instead demanded $1.4 million. Eventually, Ahmed sold off the stolen assets, resulting in the closure of Nirvana Finance.
Ahmed has agreed to forfeit $12.3 million, including $5.6 million in cryptocurrency. He is set to pay $5 million in restitution to the victims of the exploit. Sentencing by US District Judge Victor Marrero is scheduled for March 13, 2024, with the charge carrying a maximum sentence of five years in prison.
Ahmed’s employment at Amazon has been confirmed by a company spokesperson, although his LinkedIn profile is currently unavailable.
This News Article was automatically generated by Bob the Bot (AI)
Information | Details |
---|---|
Geography | North America |
Countries | |
Sentiment | neutral |
Relevance Score | 1 |
People | Shakeeb Ahmed |
Companies | Nirvana Finance, Crema Finance, US Attorney’s Office, Coindesk, Amazon |
Currencies | COIN |
Securities | None |