Unmasking the Alleged Crypto Heist: Cybersecurity Professional Accused of Stealing $9M

The U.S. government has leveled accusations against a cybersecurity professional, claiming that he hacked a cryptocurrency exchange and made off with
crypto(Image credit: Traxer / Unsplash)

The U.S. government has leveled accusations against a cybersecurity professional, claiming that he hacked a cryptocurrency exchange and made off with approximately $9 million in cryptocurrency. This incident appears to involve an ethical hacker who went rogue but then attempted to restore an appearance of ethical behavior.

On Tuesday, the U.S. Attorney's Office of the Southern District of New York issued a press release announcing the indictment of Shakeeb Ahmed, aged 34. Ahmed is described as a "senior security engineer for an international technology company" with expertise in reverse engineering smart contracts and conducting blockchain audits, skills that he allegedly utilized to carry out the attack.

Although the press release does not disclose Ahmed's exact place of employment, his LinkedIn profile states that he held the position of senior security engineer at Amazon. August Aldebot-Green, a spokesperson for Amazon, confirmed that Shakeeb Ahmed is no longer an employee of the company. This statement was made in response to Ahmed's LinkedIn profile, which previously indicated that he held a senior security engineer position at Amazon.

While the victim's identity remains undisclosed by the prosecutors, cryptocurrency news website CoinDesk reported that the attack aligns with the incident that targeted Crema Finance, a Solana-based exchange, in early July 2022. This timeframe coincides with the dates of July 2 and 3, which are also mentioned in connection with Ahmed's alleged hacking activities against an unnamed exchange.

During this particular attack, the hacker returned approximately $8 million in cryptocurrency and retained the remainder. The Department of Justice (DOJ) prosecutors stated in their press release that Ahmed "had communications with the Crypto Exchange in which he decided to return all of the stolen funds except for $1.5 million if the Crypto Exchange agreed not to refer the attack to law enforcement."

This practice of negotiating with victims and returning some of the stolen cryptocurrency is not uncommon in the world of crypto and web3. Hackers who engage in such actions have sometimes referred to themselves as "white hats," a term commonly used in cybersecurity to describe hackers with good intentions. However, it is evident that these hackers have distorted the original meaning of the term, as their activities exist within a gray area, to say the least.

As this case demonstrates, even if hackers return a portion of the stolen cryptocurrency, it does not guarantee immunity from prosecution.

The federal authorities emphasized that Ahmed, who is facing charges of wire fraud and money laundering, utilized the skills he acquired through his employment to carry out the theft.

According to the indictment, Ahmed exploited a vulnerability within the exchange, introducing "fake pricing data to fraudulently generate millions of dollars' worth of inflated fees, which he did not actually earn but was still able to withdraw." Subsequently, the indictment alleges that Ahmed laundered the stolen cryptocurrency "through a series of transactions," including token swaps and transferring the proceeds from the Solana blockchain to the Ethereum blockchain, among other methods.

Additionally, Ahmed purportedly conducted online searches related to the hack, his own criminal liability, legal experts specializing in similar cases, the possibility of law enforcement investigating such an attack, and methods of evading criminal charges by fleeing the United States.