White hacker suddenly “blackened” and stole 9 million dollars in cryptocurrency

An American cybersecurity specialist is accused of hacking a crypto exchange and stealing about $9 million worth of cryptocurrencies. Apparently, the white hacker turned black, but he played his law-abiding role to the very end.

Yesterday, the U.S. Attorney’s Office for the Southern District of New York made accusations Shakib Ahmed, 34, a former senior security engineer at an “international technology company”, for grand theft and money laundering.

The specialist resume reflects skills in, among other things, smart contract reverse engineering and blockchain auditing, which are highly specialized and could be used by Ahmed in malicious activities.

The documents of the Ministry of Justice do not specify where exactly Ahmed worked, but in his profile LinkedIn company is listed as a place of work Amazon. To official media inquiries, Amazon representatives confirmed the information, but stated that Ahmed no longer works for the company.

Although prosecutors did not specify which exchange was the victim of the attack, the cryptocurrency news site CoinDesk reported that the description and date of the attack matched the attack on Crema Financean exchange based on Solanawhich happened at the beginning of July 2022. It is these dates that appear in the accusation of the former Amazon security specialist.

After stealing $9 million worth of cryptocurrencies, the hacker reportedly returned most of it back to the crypto exchange as a result of a certain arrangement. In particular, Ahmed offered to keep “only” 1.5 million for “providing pentest services”, and return the remaining 7.5 million to the exchange if it agrees not to transfer information about the attack to law enforcement agencies.

This is a very common practice in the cryptocrime world. Hackers often negotiate with representatives of crypto exchanges about such things, and representatives of such platforms, driven into a corner, as a rule, have nowhere to go, and they go to the conditions of hackers. However, as this case clearly demonstrates, the return of a part of the crypto mining does not mean at all that the attacked company will not apply to the relevant authorities.

“Ahmed used his skills as a computer security engineer to steal millions of dollars. He then allegedly tried to hide the stolen funds, but his skills were no match for the Cybercrime Unit of the Internal Revenue Service’s Criminal Investigation Unit,” proudly claims Special Agent Tyler Hatcher, who works for the Criminal Investigation Division of the IRS.

According to the indictment, Ahmed allegedly exploited a vulnerability on the exchange and inserted “false price data to fraudulently generate millions of dollars worth of inflated fees that he didn’t actually earn but was able to withdraw anyway.”

Then, according to the feds, Ahmed allegedly laundered the stolen cryptocurrency “through a series of transactions”, such as the exchange of tokens, the “transition” from proceeds from the Solana blockchain to the Ethereum blockchain, and others.

Later, Ahmed reportedly searched the Internet for information about the hacker attack, “his criminal responsibility”, lawyers who had experience in such cases, the possibility of investigating such an attack by law enforcement agencies, and “flight from the United States to avoid criminal charges.”

It is quite possible that the hacker would not have been reached if he had been more careful in his search queries. Meanwhile, each of the charges brought against the man carries a maximum sentence of up to 20 years in prison. It is not clear whether the game was worth the candle, but now the attacker clearly regrets that he did not do otherwise a year ago.