The district attorney for the Southern District of New York detailed aggressive actions against a cryptocurrency scammer during a press conference. The alleged bad actor found weaknesses in an exchange’s smart contract and exploited them to mislead the exchange about the liquidity it had inserted. According to the NYPD, the scammer attempted to launder his millions of dollars in illicit proceeds through various methods.
As regulators and law enforcement around the world race to show how tough they are on cryptocurrency fraud and scams, Damian Williams, District Attorney for the Southern District of New York (SDNY), announced in a major bust.
In a clip posted to Twitter, Williams stated that his office had racked up a law enforcement first. Namely, the first charges against the bad actor behind a hack into a smart contract on a decentralized cryptocurrency exchange.
The SDNY District Attorney’s Indictment
SDNY’s indictment does not name the exchange, saying only that it launched overseas and runs on the Solana Blockchain. Williams said that Shakeeb Ahmed, “a senior security engineer at an international technology company,” defrauded exchange users out of around $9 million worth of cryptocurrency. Ahmed then allegedly laundered the stolen funds by swapping currencies, moving between Blockchains, and hiding money on remote exchanges.
However, none of these maneuvers was enough to evade Williams’ office and his law enforcement associates, the prosecutor said. Williams described his office as a leader in catching bad actors who misuse new technologies to commit what are, at heart, old types of fraud.
The SDNY indictment details not only Ahmed’s alleged misdeeds, but also ongoing vulnerabilities in cryptocurrency exchanges. According to the indictment, Ahmed in July 2022 was a senior security engineer at “a leading international technology company” that was not affiliated with the exchange that fell victim. Ahmed allegedly relied on his knowledge of reverse-engineering smart contracts and Blockchain audits to carry out the theft.
Scamming the Exchange
The unnamed exchange is a market maker that allows those who deposit cryptocurrency into their liquidity pools to set the price ranges for trading that money, according to the indictment.
Ahmed is said to have found a vulnerability on the exchange that allowed false price data to be inserted. On or about July 2, according to the indictment, Ahmed attacked. He misled the exchange by setting up “position” accounts that he disguised as “tick” accounts that purported to present legitimate data on how much liquidity his user had provided for a given price range.
The bad actor allegedly did this to trick the exchange’s smart contract so that he could receive millions of dollars in fees that he did not actually earn. Despite the false nature of the pricing data, the exchange failed to detect the fraud. Ahmed withdrew the alleged proceeds and laundered them.
Furthermore, Ahmed is said to have made use of “quick loans” from an unidentified crypto lender to add more liquidity, further deceive the exchange, and generate inflated fees for himself. The use of flash loans in crypto fraud is on the rise and was the subject of a recent DeFi report. In total, he accumulated $9 million in ill-gotten funds.
The indictment details a number of methods Ahmed allegedly used to cover his tracks. However, of the $9 million stolen, he still kept $1.5 million.
By Audy Castaneda
