by Lydia Ludmila 
It’s the “first ever conviction for such a hack,” according to the DOJ. The hacker will be sentenced in March.
In a precedent-setting case, Shakeeb Ahmed pleaded guilty on Thursday to charges related to hacks on two decentralized cryptocurrency exchanges, including the July attack on Solana decentralized exchange Nirvana Finance.
As part of his plea, the 34-year-old New York native has agreed to forfeit over $12 million in stolen funds.
This marks “the first ever conviction for such a hack,” said Damian Williams, U.S. attorney for the Southern District of New York, in a statement.
Ahmed exploited vulnerabilities in the exchanges’ smart contracts, which are used to automate transactions. At one exchange, he tricked its system into granting him $9 million in false fees last July. From Nirvana Finance, he stole $3.6 million – effectively its entire holdings – also by manipulating smart contracts, prosecutors said.
He was arrested in July.
The senior security engineer then tried to hide the money through cryptocurrency mixing services, blockchain transfers and overseas accounts. He also researched how to flee prosecution, searching for terms like “evidence laundering” and “buying citizenship,” the indictment stated.
After initial charges were filed regarding the first attack in July, Thursday’s plea exposed Ahmed’s role in the previously unsolved case that resulted in Nirvana Finance, a Solana DEX, being exploited. He has agreed to return all embezzled funds to victims.
Prosecutors say that Ahmed used a $10 million flash loan to pull off his attack on Nirvana. He used an exploit he discovered in Nirvana’s smart contracts, to purchase ANA at a low price, rather than at the higher price that Nirvana was designed to charge him in light of the size of his purchase.
And once the price of ANA updated to reflect his large purchase, he resold the ANA and netted approximately $3.6 million profit.
Once Nirvana realized what happened, it offered the security engineer a bug bounty of up to $600,000 if he would return the rest of the funds. But Ahmen demanded he be allowed to keep $1.4 million. When Nirvana refused, the talks soured and he kept all the stolen funds.
The $3.6 million in stolen funds represented almost all the funds held by the Solana decentralized exchange, which as a result shut down shortly after Ahmed’s attack.
Williams said the conviction “shows that no matter how sophisticated the methods used, fraud is fraud, and we will swiftly catch and convict you.”
Mr. Ahmed will be sentenced on March 13 by Judge Victor Marrero in the Southern District of New York. He faces up to 5 years in prison for computer fraud.
