Nirvana Exploiter Sentenced to 3 Years in First-Ever Conviction for Crypto Smart Contract Hacking

After conducting a series of hacks on two decentralized cryptocurrency exchanges (DEXs) that resulted in stealing over $12 million worth of crypto, former security engineer Shakeeb Ahmed was sentenced today to three years in prison. This represents the first-ever smart contract hacking conviction in the US.

Ahmed was also required to forfeit the stolen crypto and provide restitution to the affected exchanges.

Engineer Exploits Crypto Vulnerabilities In $12 Million Hacks
As per charging documents and court filings, Ahmed carried out two separate attacks on decentralized exchanges. The first incident occurred on July 2 and 3, 2022, during which he manipulated fake pricing data to generate approximately $9 million in inflated fees. Subsequently, Ahmed withdrew these fees in the form of cryptocurrency.

Following the theft, Ahmed engaged with the exchange, offering to return the stolen funds, excluding $1.5 million, if law enforcement was not involved.

Shortly after, on July 28, 2022, Ahmed targeted another decentralized exchange named Nirvana Finance. By exploiting a vulnerability in Nirvana’s smart contracts, he purchased crypto assets at a lower price than intended and quickly resold them back to Nirvana at a higher price.

Despite Nirvana’s offer of a significant “bug bounty” of up to $600,000 for the return of the stolen funds, Ahmed demanded $1.4 million. This led to the collapse of the exchange, which lost all its possessed funds, about $3.6 million, due to Ahmed’s attack.

From Security Expert To Cybercriminal
The investigation revealed that Ahmed used “advanced money laundering techniques” to mask the source and ownership of the stolen funds. These techniques included token swap transactions, transferring fraud proceeds from the Solana (SOL) blockchain to the Ethereum (ETH) blockchain through “bridging,” converting the funds to Monero, and using overseas exchanges and cryptocurrency mixers like Samourai Whirlpool.

Ahmed, a US citizen, held a senior security engineer position at an international technology company at the time of the attacks. His expertise in reverse engineering smart contracts and conducting blockchain audits were highlighted in his resume, skills he used to execute the hacks.

In addition to the three-year prison sentence, Ahmed also received three years of supervised release. He must forfeit approximately $12.3 million, including a substantial amount of cryptocurrency, and pay the affected exchanges over $5 million in restitution. US Attorney Damian Williams commented on Shakeeb Ahmed’s sentencing, stating that today marks the first-ever conviction for the hack of a smart contract and ordered the forfeit of all stolen crypto. He emphasized the commitment to identifying and bringing hackers to justice, regardless of how sophisticated the hack may be.

The 1-D chart displays the total crypto market cap’s valuation at $2.4 trillion. Source: TOTAL on
Featured image from Shutterstock, chart from

More Info

Leave a Reply

Your email address will not be published. Required fields are marked *

Our Company

Get Latest Updates!

    Get all the latest updates on the crypto scene, including access to exclusive airdrops. @2024. All Rights Reserved.