Full Text: The United States announces the first criminal case involving an attack on DEX smart contracts.
Original translation: Wu said blockchain
The US Department of Justice announced the first criminal case involving a smart contract attack on a DEX. Shakeeb Ahmed, a senior security engineer at an international technology company, used his expertise to defraud a decentralized exchange and its users on Solana, stealing approximately $9 million worth of cryptocurrency. After stealing funds that were not lawfully obtained, he negotiated with the cryptocurrency exchange and offered to return the stolen funds if they agreed not to report the attack to law enforcement, but requested to keep $1.5 million. Ahmed is charged with telecommunications fraud and money laundering, with a maximum penalty of 20 years in prison for each charge.
Although the name of the DEX is not mentioned in the indictment, it may be related to the Crema Finance hack that occurred on the Solana infrastructure last year. At that time, a hacker used a flash loan attack to steal $9 million worth of cryptocurrency assets, but later returned most of the funds.
Below is the Chinese translation of the full text of the US Department of Justice press release:
Damian Williams, the federal prosecutor for the Southern District of New York, Chad Prantz, Special Agent in Charge of the Homeland Security Investigations (HSI) San Diego office, and Tyler Hachey, Special Agent in Charge of the Criminal Investigation Division (IRS-CI) Los Angeles office, announced unsealed an indictment charging SHAKEEB AHMED with telecommunications fraud and money laundering in connection with his attacks on decentralized cryptocurrency exchanges ("cryptocurrency exchanges"). AHMED was arrested in New York this morning and will appear before United States Judge Robert W. Lehrburger this afternoon.
US Attorney Damien Williams said: "This is the second case we announced this week to expose fraud in the cryptocurrency and digital asset ecosystem. As described in the indictment, Shakeeb Ahmed, a senior security engineer at an international technology company, defrauded exchanges and their clients, stealing approximately $9 million in cryptocurrency. We also charge that he then laundered the proceeds through a series of complex transactions on blockchain, exchanging cryptocurrencies, crossing chains in different cryptocurrency blockchains, and using overseas cryptocurrency exchanges. However, these actions did not hide the defendant's trail, nor did they deceive law enforcement, who of course did not stop my office or our law enforcement partners from tracking this money. "
Hachey, the Special Agent in Charge of HSI, said: "Financial crime strikes at the heart of our nation and the security of our economy's banking. In the face of an attack of this magnitude, we must ensure that consumers continue to have confidence in our financial system. Heartless and reckless attempts to disrupt legitimate commerce to satisfy greed must be stopped. Cases like this one demonstrate HSI's commitment and capacity to dismantle these complex and highly technical fraud schemes, and identify those responsible no matter where they operate. "
IRS-CI Chief Special Agent Tyler Hatch said, "It is alleged that AHMED used his skills as a computer security engineer to steal millions of dollars. He then allegedly attempted to conceal the stolen funds, but his skills were no match for the Cyber Crimes Division of IRS Criminal Investigation. We, along with our partners at HSI and the Department of Justice, are at the forefront of cyber investigations, and we will track down these fraudsters no matter where they try to hide and hold them accountable."
According to the indictment:
The cryptocurrency exchange was registered overseas and operated on the Solana blockchain. Throughout the relevant times, the cryptocurrency exchange allowed users to exchange various types of cryptocurrencies and paid fees to depositors who provided liquidity on the exchange.
In July 2022, AHMED launched an attack on the cryptocurrency exchange by exploiting a vulnerability in a smart contract on the exchange and inserting falsified price data, fraudulently causing the smart contract to generate approximately $9 million in excess fees which AHMED was not entitled to, and AHMED was able to extract these fees from the cryptocurrency exchange in the form of cryptocurrency. This fraudulent activity deceived the cryptocurrency exchange and its users, who had their cryptocurrencies fraudulently obtained by AHMED. Additional details about the attack, including AHMED's further fraudulent use of cryptocurrency "flash loans" to defraud the exchange, are described in the indictment filed today.
After stealing the funds he was not entitled to, AHMED engaged with the cryptocurrency exchange and offered to return all the stolen funds, except for $1.5 million, if the exchange agreed not to report this attack to law enforcement.
At the time of the attack, AHMED was a senior security engineer at an international technology company, and his resume reflected his expertise in reverse engineering smart contracts and blockchain auditing, skills that AHMED employed in carrying out the attack.
AHMED laundered the millions of dollars he stole from the cryptocurrency exchange to conceal their origin and ownership, including through: (i) conducting token exchange transactions, (ii) "bridging" the fraudulent proceeds from the Solana blockchain to the Ethereum blockchain, (iii) converting the fraudulent proceeds to Monero, a privacy-focused and particularly difficult-to-trace cryptocurrency, and (iv) using overseas cryptocurrency exchanges.
After the attack, AHMED searched online for information about the attack, his own criminal liability, criminal defense lawyers specializing in similar cases, law enforcement agencies' ability to investigate the attack, and information on how to avoid criminal charges and flee the United States. For example, approximately two days after the attack, AHMED searched for the term "defi hack," read several news articles about exchanges being hacked, and visited several pages on exchange websites. Another example is that AHMED searched for or visited websites related to the charges in the indictment, including searching for the words "telecom fraud" and "evidence laundering." Finally, AHMED also searched for or visited websites that provide information on how to flee the United States, avoid extradition, and retain stolen cryptocurrency. He searched for terms such as "Can I transit with cryptocurrency?", "How to prevent the federal government from seizing assets," and "Buying citizenship." He also visited a website titled "16 countries where your investments can buy citizenship..."
AHMED, 34, residing in New York, is charged with telecom fraud and money laundering, with each count carrying a maximum sentence of 20 years in prison.
The maximum possible sentence is determined by Congress and is provided here for reader reference only, as the defendant's actual sentence will be determined by the judge.
Mr. Williams commended the excellent work of HSI and IRS-CI. Mr. Williams also thanked the Southern District of California U.S. Attorney's Office for their assistance in the investigation.
The case is being prosecuted by the Office's Money Laundering and Transnational Criminal Enterprises Unit and Complex Frauds and Cybercrime Unit. Assistant U.S. Attorneys David R. Felton and Kevin Mead are in charge of the prosecution.
The charges in the indictment are merely accusations, and the defendant is presumed innocent until proven guilty.
