DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Former Security Engineer For International Technology Company Arrested For Defrauding Decentralized Cryptocurrency Exchange

Posted on July 12, 2023 by Dissent

First Criminal Case Involving Attack on a Smart Contract Operated by Decentralized Exchange

Damian Williams, the United States Attorney for the Southern District of New York, Chad Plantz, the Special Agent in Charge of the San Diego Field Office of Homeland Security Investigations (“HSI”), and Tyler Hatcher, the Special Agent in Charge of the Los Angeles Field Office of the Internal Revenue Service – Criminal Investigation (“IRS-CI”), announced the unsealing of an Indictment charging SHAKEEB AHMED with wire fraud and money laundering in connection with his attack on a decentralized cryptocurrency exchange (the “Crypto Exchange”).  AHMED was arrested this morning in New York, New York, and will be presented this afternoon before U.S. Magistrate Judge Robert W. Lehrburger.

U.S. Attorney Damian Williams said: “This is the second case we are announcing this week to shed light on fraud in the cryptocurrency and digital asset ecosystem.  As alleged in the indictment, Shakeeb Ahmed, who was a senior security engineer at an international technology company, used his expertise to defraud the exchange and its users and steal approximately $9 million in cryptocurrency.  We also allege that he then laundered the stolen funds through a series of complex transfers on the blockchain where he swapped cryptocurrencies, hopped across different crypto blockchains, and used overseas crypto exchanges.  But none of those actions covered the defendant’s tracks or fooled law enforcement, and they certainly didn’t stop my Office or our law enforcement partners from following the money.”

HSI Special Agent in Charge Chad Plantz said: “Financial crime strikes at the core of our national and economic banking security.  With an attack of this magnitude, it’s crucial we ensure continued consumer confidence in our financial system.  Ruthless and reckless attempts aimed to sabotage legitimate commerce for greed must be stopped.  It’s cases like these that demonstrate HSI’s commitment and ability to work with a coalition of the willing to dismantle these complicated and technical fraud schemes and identify those responsible regardless of where they operate.”

IRS-CI Special Agent in Charge Tyler Hatcher said: “As alleged, Mr. Ahmed used his skills as a computer security engineer to steal millions of dollars.  He then allegedly tried to hide the stolen funds, but his skills were no match for IRS Criminal Investigation’s Cyber Crimes Unit.  We, along with our partners at HSI and the Department of Justice, are at the forefront of cyber investigations and will track these fraudsters anywhere they try to hide and hold them accountable.”

As alleged in the Indictment:[1]

The Crypto Exchange was incorporated overseas and operates on the Solana blockchain.  At all relevant times, the Crypto Exchange allowed users to exchange different kinds of cryptocurrencies and paid fees to users who deposited cryptocurrency to provide liquidity on the Crypto Exchange.

In July 2022, AHMED carried out an attack on the Crypto Exchange by exploiting a vulnerability in one of the Crypto Exchange’s smart contracts and inserting fake pricing data to fraudulently cause that smart contract to generate approximately $9 million dollars’ worth of inflated fees that AHMED did not legitimately earn, which fees AHMED was able to withdraw from the Crypto Exchange in the form of cryptocurrency.  This conduct defrauded the Crypto Exchange and its users, whose cryptocurrency AHMED had fraudulently obtained.  Additional details regarding the attack, including AHMED’s use of cryptocurrency “flash loans” to further defraud the Crypto Exchange, are described in the Indictment publicly filed today.

After he stole the fees he never legitimately earned, AHMED had communications with the Crypto Exchange in which he decided to return all of the stolen funds except for $1.5 million if the Crypto Exchange agreed not to refer the attack to law enforcement.

At the time of the attack, AHMED was a senior security engineer for an international technology company whose resume reflected skills in, among other things, reverse engineering smart contracts and blockchain audits, which are some of the specialized skills AHMED used to execute the attack.

AHMED laundered the millions in fees that he stole from the Crypto Exchange to conceal their source and ownership, including through (i) conducting token-swap transactions, (ii) “bridging” fraud proceeds from the Solana blockchain over to the Ethereum blockchain, (iii) exchanging fraud proceeds into Monero, an anonymized and particularly difficult cryptocurrency to trace, and (iv) using overseas cryptocurrency exchanges.

After the attack, AHMED searched online for information about the attack, his own criminal liability, criminal defense attorneys with expertise in similar cases, law enforcement’s ability to successfully investigate the attack, and fleeing the United States to avoid criminal charges.  For example, approximately two days after the attack, AHMED conducted an internet search for the term “defi hack,” read several news articles about the hack of the Crypto Exchange, and visited several pages on the Crypto Exchange’s website.  As another example, AHMED conducted internet searches or visited websites related to the charges in the indictment, including by searching for the term “wire fraud” and for the term “evidence laundering.”  Finally, AHMED also conducted internet searches or visited websites related to his ability to flee the United States, avoid extradition, and keep his stolen cryptocurrency: he searched for the terms “can I cross border with crypto,” “how to stop federal government from seizing assets,” and “buying citizenship”; and he visited a website titled “16 Countries Where Your Investments Can Buy Citizenship . . .”

*                *                *

AHMED, 34, of New York, New York, is charged with wire fraud and money laundering, each of which carry a maximum sentence of 20 years in prison.

The maximum potential sentences are prescribed by Congress and are provided here for informational purposes only, as any sentencing of the defendant will be determined by a judge.

Mr. Williams praised the outstanding work of HSI and IRS-CI.  Mr. Williams also thanked the U.S. Attorney’s Office for the Southern District of California for their assistance in the investigation.

The case is being prosecuted by the Office’s Money Laundering and Transnational Criminal Enterprises Unit and Complex Frauds and Cybercrime Unit.  Assistant U.S. Attorneys David R. Felton and Kevin Mead are in charge of the prosecution.

The charges contained in the Indictment are merely accusations, and the defendant is presumed innocent unless and until proven guilty.


[1] As the introductory phrase signifies, the entirety of the text of the Indictment and the description of the Indictment set forth herein constitute only allegations, and every fact described therein should be treated as an allegation.

U.S. v. Ahmed Indictment

Source:  U.S.A.O., Southern District of New York

Category: Breach Incidents

Post navigation

← Australian infrastructure company Ventia hit with cyberattack
UK: Man jailed for more than three years for attempting to extort money from the company he worked for →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Lower Merion School District says a data breach was caused by a computer glitch
  • After $1 Million Ransom Demand, Virgin Islands Lottery Restores Operations Without Paying Hackers
  • Junior Defence Contractor Arrested For Leaking Indian Naval Secrets To Suspected Pakistani Spies
  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • Class action settlement following ransomware attack will cost Fred Hutchinson Cancer Center about $52 million
  • Comstar LLC agrees to corrective action plan and fine to settle HHS OCR charges
  • Australian ransomware victims now must tell the government if they pay up
  • U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams
  • Victoria’s Secret takes down website after security incident

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent
  • Trump Taps Palantir to Compile Data on Americans

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.