Decentralized Crypto Exchange

Decentralized Crypto Exchange: Attacker Made $9M In Crypto

The United States Department of Justice has arrested a computer security engineer, Shakeeb Ahmed, for allegedly launching an attack on a decentralized crypto exchange.

The case is being called the first of its kind, involving the exploitation of a smart contract vulnerability on the Solana blockchain.

The attack allowed Ahmed to fraudulently generate approximately $9 million worth of inflated fees.

According to DOJ, the charges against Ahmed include wire fraud and money laundering, each carrying a maximum sentence of 20 years in prison.

The Decentralized Crypto Exchange and the Attack

The exchange targeted in the attack is an overseas-based decentralized cryptocurrency exchange operating on the Solana blockchain.

Users were allowed to exchange various cryptocurrencies on the platform, and those who provided liquidity on the exchange were paid fees.

Ahmed executed the attack in July 2022 by exploiting a vulnerability in one of the exchange’s smart contracts.

He inserted fake pricing data into the contract, causing it to generate inflated fees, which he then withdrew as cryptocurrency.

The Attacker

Shakeeb Ahmed (the alleged attacker) was employed as a senior security engineer at an international technology company.

His resume listed specialized skills, including reverse engineering smart contracts and blockchain audits, which he allegedly utilized to execute the attack.

Following the theft, Ahmed engaged in various attempts to conceal the stolen funds’ source and ownership.

He used token-swap transactions, “bridged” fraud proceeds from the Solana blockchain to the Ethereum blockchain, exchanged funds into Monero (a difficult-to-trace cryptocurrency), and utilized overseas cryptocurrency exchanges in his money laundering efforts.

Attempted Cover-Ups

After stealing the fees, Ahmed communicated with the crypto exchange, offering to return all but $1.5 million of the stolen funds if they agreed not to report the attack to law enforcement.

In an attempt to evade detection, Ahmed conducted various online searches related to his criminal activities, including information about the attack, his potential criminal liability, defense attorneys with expertise in similar cases, and methods to avoid extradition and retain the stolen cryptocurrency.

According to HSI Special Agent in Charge, Chad Plantz

Financial crime strikes at the core of our national and economic banking security.  With an attack of this magnitude, it’s crucial we ensure continued consumer confidence in our financial system.  Ruthless and reckless attempts aimed to sabotage legitimate commerce for greed must be stopped.

For more news and updates on Cybersecurity, visit The Cybersecurity Club.

Photo by Traxer on Unsplash

HPH Healthcare Cyber Guide: Key Security Insights

DORA: An Overview of the EU’s Digital Operational Resilience Act

US Consumer Watchdog Proposes Rules to Regulate Data Brokers

Fortifying WhatsApp: A Look at New Security Features