The Defiant

Security Engineer Arrested Over $9M DEX Hack

Unnamed Decentralized Exchange In DoJ Complaint Appears To Be Solana-based Crema Finance

By: Jeremy Nation

U.S. authorities have arrested Shakeeb Ahmed, a security engineer based in New York, alleging that he stole $9M in cryptocurrency from a decentralized exchange. While the complaint does not name the DEX, the details match the July 2022 exploit of Crema Finance, a liquidity protocol based on Solana.

The indictment alleges that Ahmed exploited a vulnerability in the exchange’s smart contracts to insert fake pricing data and generate inflated fees that he was able to withdraw, thereby defrauding the exchange and its users.

“It doesn’t matter whether someone steals money from a bank, or defrauds a decentralized crypto exchange. It’s all fraud, plain and simple. SDNY is watching,” said U.S. Attorney Damian Williams.

Ahmed is further alleged to have laundered the stolen assets by swapping the funds into different cryptocurrencies and transferring them to other blockchains and overseas exchanges.

“[Ahmed] allegedly tried to hide the stolen funds, but his skills were no match for IRS Criminal Investigation's Cyber Crimes Unit,” said IRS-CI Special Agent in Charge Tyler Hatcher.

Also revealed was Ahmed's web search history from August to October 2022, which indicated that he made an effort to research whether his actions would result in prosecution, and how he might flee the U.S. and avoid extradition.


However, in spite of Ahmed’s research and attempts to obfuscate his moves through a series of complex transactions, “none of those actions covered the defendant's tracks or fooled law enforcement,” according to Williams.

Flashloan Exploit

Crema was attacked in July 2022, when an attacker used a flashloan facilitated through lending protocol Solend to manipulate the prices of assets in various liquidity pools and withdraw excessive fees.

Crema was able to recover a majority of the funds, but agreed to a bounty of 45,455 SOL, then valued at $1.6M.