Full Story: US Announces First Criminal Case Involving Attack on DEX Smart Contracts

Original compilation: Wu said blockchain

The U.S. Department of Justice has announced the first criminal case involving an attack on a smart contract run by a DEX. Shakeeb Ahmed, a senior security engineer at an international technology company, used his expertise to defraud a decentralized exchange on Solana and its users, stealing around $9 million in cryptocurrency. He negotiated with the cryptocurrency exchange after stealing fees that were never obtained legally, and decided that if the cryptocurrency exchange agreed not to report the attack to law enforcement, he would return the stolen funds but asked to keep 150 Ten thousand U.S. dollars. Ahmed was charged with wire fraud and money laundering, each carrying a maximum penalty of 20 years in prison.

While the DEX is not named in the indictment, it may be related to the Crema Finance hack that occurred on Solana's infrastructure last year. At the time, a hacker stole $9 million in crypto assets through a flash loan attack, but later returned most of the cash.

The following is the Chinese translation of the full text of the US Department of Justice press release:

U.S. Attorney for the Southern District of New York Damian Williams, Homeland Security Investigations (“HSI”) San Diego Special Agent in Charge Chad Platz, and IRS-Criminal Investigations (“IRS-CI”) Taylor Hatcher, Chief of Special Agents in the Los Angeles Office, announced the unseal of an indictment charging SHAKEEB AHMED with wire fraud and money laundering in connection with his attack on a decentralized cryptocurrency exchange (“CryptoExchange”) . AHMED was arrested this morning in New York and is due to appear before U.S. Magistrate Judge Robert W. Lehrberg this afternoon.

U.S. Attorney Damian Williams said: "This is the second case we have announced this week to uncover fraud in the cryptocurrency and digital asset ecosystem. As stated in the indictment, Shakeeb Ahmed, as a A senior security engineer at an international technology company, used his expertise to defraud the exchange and its users, stealing approximately $9 million in cryptocurrency. We also allege that he then laundered the money through a series of complex transfers on the blockchain, which he Exchange cryptocurrencies, cross-chain in different cryptocurrency blockchains, and use overseas cryptocurrency exchanges. However, none of these actions covered the tracks of the defendants, did not fool law enforcement agencies, and they certainly did not stop my The Office or our law enforcement partners tracked down the money."

HSI Special Agent in Charge Chad Platz said: "Financial crime strikes right at the heart of our national and economic banking security. In the face of an attack of this magnitude, we must ensure that consumers continue to have confidence in our financial system. Ruthless "And reckless attempts to disrupt legitimate commerce to satisfy greed must be stopped. Cases like this demonstrate HSI's commitment and ability to work with willing coalitions to dismantle these sophisticated and highly technical fraudulent schemes and identify those who A person who operates responsibly wherever he operates.”

"AHMED allegedly used his skills as a computer security engineer to steal millions of dollars. He then allegedly tried to hide the stolen funds, but his Skills are no match for the IRS Criminal Investigations Division's Cybercrime Unit. Together with our partners at HSI and the Department of Justice, we are at the forefront of cyber investigations, tracking these fraudsters wherever they try to hide, and letting They are in charge."

According to the indictment's allegations:

The crypto exchange is registered overseas and operates on the Solana blockchain. At all relevant times, the crypto exchange allowed users to exchange different kinds of cryptocurrencies and paid depositors fees for providing liquidity on the exchange.

In July 2022, AHMED launched an attack on the crypto exchange by exploiting a vulnerability in one of the exchange's smart contracts and inserting assumed price data to fraudulently cause the smart contract to generate approximately $9 million worth of Excess fees, which AHMED has not legally obtained, which AHMED is able to withdraw from crypto exchanges in the form of cryptocurrency. This practice defrauded crypto exchanges and their users, whose cryptocurrencies were fraudulently obtained by AHMED. Additional details about the attack, including AHMED's use of cryptocurrency "flash loans" to further defraud the exchange, are described in an indictment filed publicly today.

After he stole fees that he did not legally obtain, AHMED communicated with the crypto exchange, and he decided that if the exchange agreed not to report the attack to law enforcement, he would return all the stolen funds, except for the 1.5 million Dollar.

At the time of the attack, AHMED was a senior security engineer at an international technology company, and his resume reflects his skills in reverse engineering smart contracts and blockchain auditing, among other specialized skills that AHMED used to carry out the attack .

AHMED laundered the millions in fees he stole from crypto exchanges to conceal their origin and ownership, including by: (i) conducting token swap transactions, (ii) transferring the fraudulent proceeds from the Solana blockchain" connected" to the Ethereum blockchain, (iii) exchanging the fraudulent proceeds for Monero, a cryptocurrency that is anonymized and particularly difficult to trace, and (iv) using overseas cryptocurrency exchanges.

In the aftermath of the attack, AHMED scoured the web for information about the attack, his own criminal responsibility, criminal defense attorneys who specialize in similar cases, the ability of law enforcement agencies to successfully investigate the attack, and information on fleeing the United States to avoid criminal charges. For example, about two days after the attack, AHMED searched for the term "defi hack," read several news articles about the exchange being hacked, and visited several pages of the exchange's website. In another example, AHMED searched or visited websites related to the allegations in the indictment, including searches for the terms "wire fraud" and "evidence laundering." Finally, AHMED also searched or visited websites about his ability to flee the US, avoid extradition, and keep stolen cryptocurrency: he searched for "can I cross the border with my cryptocurrency," "how to stop the federal government from seizing assets," and " Buy Citizenship”; he also visited a website called “16 Countries Where Your Investment Can Buy Citizenship….”

The 34-year-old, of AHMED, New York, was charged with wire fraud and money laundering, each of which carries a maximum sentence of 20 years in prison.

The maximum possible sentence is set by Congress and is provided here for the reader's information only, as the actual sentence of the defendant will be determined by the judge.

Mr. Williams commended the excellent work of HSI and IRS-CI. Mr. Williams also thanked the Southern California U.S. Attorney's Office for its help in the investigation.

The case was prosecuted by the Office's Money Laundering and Transnational Criminal Enterprise Unit and Complex Fraud and Cybercrime Unit. Assistant U.S. Attorneys David R. Felton and Kevin Mead are prosecuting.

The allegations in the indictment are only allegations, and the accused shall have the right to the presumption of innocence until proven guilty.

Press release link