Shakeeb Ahmed, a cybersecurity engineer convicted of stealing around $12 million in crypto, was sentenced on Friday to three years in prison.
In a press release, the U.S. Attorney for the Southern District of New York announced the sentence. Ahmed was accused of hacking into two cryptocurrency exchanges, and stealing around $12 million in crypto, according to prosecutors.
Adam Schwartz and Bradley Bondi, the lawyers representing Ahmed, did not immediately respond to a request for comment.
When Ahmed was arrested last year, the authorities described him as “a senior security engineer for an international technology company.” His LinkedIn profile said he previously worked at Amazon. But he wasn’t working there at the time of his arrest, an Amazon spokesperson told TechCrunch.
While the name of one of his victims was never disclosed, Ahmed reportedly hacked into Crema Finance, a Solana-based crypto exchange, in early July 2022.
Then, weeks later, he hacked into Nirvana Finance. Ahmed stole $9 million and $3.6 million in those two hacks, respectively. In the case of Nirvana Finance, the stolen funds “represented approximately all the funds possessed by Nirvana,” which led Nirvana Finance to shut down, according to the press release.
Ahmed pleaded guilty to having carried out both cyberattacks.
Contact Us
Do you have information about cryptocurrency heists and hacks? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase and Wire @lorenzofb, or email. You also can contact TechCrunch via SecureDrop.After he hacked Crema, Ahmed contacted the company in an attempt to return the stolen funds, except for a fee of $1.5 million — a sort of unofficial finder’s fee — and a promise that Crema wouldn’t report the attack to the authorities. Crema declined, and Ahmed was eventually apprehended.
While this type of deal is unusual in the cybersecurity world, it has become normalized in the crypto world. These deals are often referred to as “white hatting,” even though it involves hacking a target and stealing a victim’s funds without their consent, which is more akin to what a “black hat” hacker would typically do. Ahmed’s case shows that while the crypto industry has accepted that this type of deals are sometimes the cost of doing business, law enforcement doesn’t see it the same way.
Apart from three years in prison, Ahmed was also sentenced to three years of supervised release, and ordered to forfeit $12.4 million “and a significant quantity of cryptocurrency and pay restitution to the Crypto Exchange and Nirvana in the amount of over $5 million,” according to the prosecutors’ press release.