Shakeeb Ahmed, a cybersecurity engineer convicted of stealing approximately $12 million in crypto, was sentenced Friday to three years in prison.
In a press release, the US Attorney for the Southern District of New York announced the sentence. Ahmed was accused of hacking two cryptocurrency exchanges and stealing approximately $12 million in crypto, according to prosecutors.
Adam Schwartz and Bradley Bondi, the attorneys representing Ahmed, did not immediately respond to a request for comment.
When Ahmed was arrested last year, authorities described him as “a senior security engineer for an international technology company.” His Linkedin profile indicates that he previously worked at Amazon. But he was not working there at the time of his arrest, an Amazon spokesperson told TechCrunch.
Even though the name of one of his victims has never been revealed, Ahmed would have been hacked in Crema Finance, a Solana-based crypto exchange, in early July 2022.
Then, a few weeks later, he hacked Nirvana Finance. Ahmed stole $9 million and $3.6 million, respectively, in these two hacks. In the case of Nirvana Finance, the stolen funds “represented virtually all of the funds owned by Nirvana,” leading Nirvana Finance to close its doors, according to the release.
Ahmed pleaded guilty to carrying out both cyberattacks.
Contact us
Do you have information on cryptocurrency heists and hacks? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase and Wire @lorenzofb, or E-mail. You can also contact TechCrunch via SecureDrop.
After hacking Crema, Ahmed contacted the company to try to return the stolen funds, except for a $1.5 million fee – a sort of unofficial finder’s fee – and a promise that Crema would not report the attack to authorities. Crema refused and Ahmed was eventually apprehended.
Although this type of agreement is unusual in the world of cybersecurity, it has become standardized in the world of cryptography. These transactions are often referred to as “white hat” even though they involve hacking a target and stealing a victim’s funds without their consent, which is more akin to what a hacker would typically do “at black hat “. Ahmed’s case shows that while the crypto industry has accepted that these types of deals are sometimes the cost of doing business, law enforcement doesn’t see it the same way.
In addition to three years in prison, Ahmed was also sentenced to three years of supervised release and ordered to forfeit $12.4 million “as well as a significant amount of cryptocurrency and pay restitution to Crypto Exchange and Nirvana of an amount of more than $5 million,” according to the prosecutors’ press release.