New York Prosecutor Goes After Hacker Behind $9M Solana Exchange Heist
- A former security engineer was arrested and charged with stealing $9M in crypto by exploiting a smart contract bug in a Solana-based DEX.
- The “first-ever criminal case” involving a smart contract attack on a DEX.
- Exploiter laundered stolen funds through a “series of complex transfers on the blockchain.
A former security engineer for an international technology firm has been arrested and charged for allegedly using a smart contract bug to steal $9 million in cryptocurrency from a Solana-based decentralized crypto exchange.
The attack happened in July 2022, and the United States Attorney for the Southern District of New York Damian Williams has recently announced the first-ever criminal case involving an attack on a smart contract operated by a decentralized exchange (DEX). According to Williams, the accused, Shakeeb Ahmed, used his expertise to defraud the exchange and its users and steal approximately $9 million in cryptocurrency.
The attack was carried out by exploiting a vulnerability in the exchange’s smart contracts to generate inflated fees with flash loans. These were then withdrawn and laundered through a series of complex transfers on the blockchain where Ahmed swapped cryptocurrencies, hopped across different crypto blockchains, and used overseas crypto exchanges.
Although Williams did not disclose the DEX that was exploited in July, previous reporting from Cointelegraph reveals that an unknown hacker exploited Solana-based liquidity protocol Crema Finance on July 2, 2022, stealing $9.6 million in cryptocurrency. The exploiter later returned most of the funds but was allowed to keep $1.6 million as a white hat bounty.
Ahmed decided to return all of the stolen funds except for $1.5 million on condition the crypto exchange did not refer the attack to law enforcement. However, none of these actions covered the defendant’s tracks or fooled law enforcement, and they certainly didn’t stop the United States Attorney’s Office or its law enforcement partners from following the money. As a result, Ahmed was arrested in New York and has been indicted on charges of wire fraud and money laundering related to the attack of the Solana-based DEX in July 2022, making this a landmark case in the world of decentralized finance.