Nirvana Finance hacker pleads guilty, agrees to pay restitution to victims

  theblock.co  + 1 more 14 December 2023 19:18, UTC

Shakeeb Ahmed, a 34-year old senior security engineer, admitted he exploited the Nirvana Finance protocol and another unnamed decentralized cryptocurrency exchange, the U.S. Attorney’s Office for the Southern District of New York announced on Thursday.

Ahmed agreed to forfeit $12.3 million obtained from the two hacks. He also will pay the victims restitution totaling $5 million.

«Five months ago, my office announced the first ever arrest involving an attack on a smart contract,» U.S. attorney Damian Williams said in a statement. «That arrest is now the first ever conviction for such a hack.»

Two 2022 exploits

Ahmed was charged with wire fraud and money laundering in July. According to the indictment, he exploited a vulnerability in a smart contract of an unnamed Solana-based exchange, which matched the description of Crema Finance, according to reports.

A few weeks after the first hack, Ahmed carried out a $3.6 million attack on Nirvana Finance that involved a flash loan and an exploit he discovered in the platform’s smart contracts. Nirvana had offered Ahmed a $600,000 bounty in exchange for return of the stolen funds, but he demanded $1.4 million instead, and the parties never reached agreement.

Ahmed laundered the funds «using sophisticated techniques including token-swap transactions, ‘bridging’ fraud proceeds from the Solana blockchain over to the Ethereum blockchain, exchanging fraud proceeds into Monero, an anonymized and particularly difficult cryptocurrency to trace, using overseas cryptocurrency exchanges, and using cryptocurrency mixers such as Samourai Whirlpool,» according to the statement.

Ahmed faces a maximum sentence of five years in prison. He is scheduled to be sentenced on March 13.

Source