Trusted

New York DA Brings First-Ever Charges for Attack on Crypto Exchange’s Smart Contract

3 mins
Updated by Michael Washburn
Join our Trading Community on Telegram

In Brief

  • The district attorney for the Southern District of New York detailed aggressive actions against a crypto scammer during a Tuesday press conference.
  • The alleged bad actor found weaknesses in a crypto exchange's smart contract and exploited them to trick the exchange about the liquidity he had inserted.
  • Then, acording to New York law enforcement, the scammer attempted to launder his millions of dollars' worth of ill-gotten gains by various methods.
  • promo

As regulators and law enforcement worldwide vie to show how tough they are on cryptocurrency fraud and scams, Damian Williams, District Attorney for the Southern District of New York (SDNY), on Tuesday announced a major bust.

In a clip posted on Twitter, Williams stated that his office had racked up a law-enforcement first. Namely, the first-ever charges against the bad actor behind an attack on a smart contract on a decentralized cryptocurrency exchange. The SDNY’s indictment does not name the exchange, saying only that it launched overseas and runs on the Solana blockchain.

The SDNY District Attorney’s Indictment

Williams said that Shakeeb Ahmed, “a senior security engineer at an international technology company,” defrauded the exchange’s users of about $9 million in cryptocurrency. Ahmed then allegedly laundered the stolen funds by swapping currencies, moving among blockchains, and hiding money in far-flung exchanges.

But none of these maneuvers were enough to evade Williams’s office and its law enforcement partners, the DA said. Williams described his office as at the forefront of nabbing bad actors who misuse new technologies to commit what are, at bottom, old types of fraud.

The SDNY indictment details not only Ahmed’s alleged misdeeds, but continuing vulnerabilities in crypto exchanges. According to the indictment, Ahmed in July 2022 was a senior security engineer at “a leading international technology company” not affiliated with the exchange that fell victim.

His background came in handy here. Ahmed allegedly drew upon his knowledge of reverse engineering smart contracts and blockchain audits to carry out the theft.

Exchanges are aware of the problem, but the rise of anti-money laundering software fails to keep pace with the sophistication of cyber thieves using untraceable currencies. Source: Statista

Bilking the Exchange

The unnamed exchange is a market maker. It lets those who deposit cryptocurrency into its liquidity pools set the price ranges for trading of that money, according to the indictment.

Ahmed reputedly found a vulnerability in the exchange allowing for the insertion of bogus pricing data. On or around July 2, the indictment states, Ahmed struck. He tricked the exchange by establishing “position” accounts which he disguised as “tick” accounts purporting to present legitimate data about how much liquidity their user had provided for a given price range.

The bad actor allegedly did this to deceive the exchange’s smart contract. This complex scheme resulted in Ahmed receiving millions of dollars’ worth of fees that he had not actually earned, the indictment states.

Despite the bogus nature of the pricing data, the exchange did not spot the fraud. Ahmed withdrew the so-called earnings and proceeded to launder them, claims the indictment.

In addition, Ahmed reputedly made use of “flash loans” from an unnamed crypto lender to appear to add more liquidity, mislead the exchange further, and generate inflated fees for himself. The use of flash loans in crypto fraud is on the rise and was the subject of a recent De.Fi report.

In all, he amassed $9 million in ill-gotten funds.

Hiding the Theft

The indictment details a number of methods Ahmed allegedly used to cover his tracks. Besides engaging in token swaps, the defendant “bridged” his illicit gains from the Solana blockchain over to Ethereum.

He also reportedly transferred some of the money into Monero, which the indictment calls “an anonymized and particularly difficult cryptocurrency to trace.”

It goes on to describe a panicked response on Ahmed’s part to his own theft. Including online searches about the reach of law enforcement in the face of such a crime. He also did research on fleeing the country.

Ahmed also reputedly gave some of the stolen funds back to the exchange. But only on the condition that it not go to the police over what had happened. Yet, of the stolen $9 million, he still kept about $1.5 million.

🎄Best crypto platforms in Europe | December 2024
eToro eToro Explore
Coinrule Coinrule Explore
Uphold Uphold Explore
Coinbase Coinbase Explore
3Commas 3Commas Explore
🎄Best crypto platforms in Europe | December 2024
eToro eToro Explore
Coinrule Coinrule Explore
Uphold Uphold Explore
Coinbase Coinbase Explore
3Commas 3Commas Explore
🎄Best crypto platforms in Europe | December 2024

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and ConditionsPrivacy Policy, and Disclaimers have been updated.

frame_2192__1_.png
Michael Washburn
Michael Washburn is a New York-based managing editor who joined BeInCrypto in March 2023. Over his career, he written extensively about the corporate legal world and the intersection of finance and law, has produced thousands of articles and features, and has mentored many reporters and researchers finding their way in a fast-changing industry.
READ FULL BIO
Sponsored
Sponsored