Date: 2023-12-17

A former Amazon engineer pleaded guilty this week to hacking two cryptocurrency exchanges.

This is the first time a sentence has been handed down in a case related to the hacking of smart contracts.

He faces up to five years in prison and must repay $12.3 million of the stolen money.

A former Amazon engineer pleaded guilty this week to hacking two cryptocurrency exchanges in a landmark case that resulted in the first conviction involving smart contract hacking.

Shakib Ahmed, who previously worked as a security engineer for Amazon, faces up to five years in prison and a fine of $12.3 million, according to a statement from the United States Attorney for the Southern District of New York. The stolen cryptocurrency will have to be confiscated.

The hack, which occurred in 2022, targeted Nirvana Finance and another unnamed crypto exchange on the Solana blockchain.

Blockchain is essentially a digital ledger that allows users to store data, including financial transactions, in a decentralized environment. One advantage of blockchain is security because the stored data cannot be edited.

Ahmed exploited a vulnerability in the exchange’s smart contracts. According to the US Attorney, this allowed him to submit false data, resulting in millions of dollars in inflated fees that he did not earn.

What are smart contracts?

Smart contracts are blockchain programs that, like a vending machine, execute specified actions when predetermined conditions are met. For example, a landlord renting an apartment could use a smart contract in which the tenant must transfer a security deposit to receive the apartment door code.

According to the US Attorney, Ahmed was able to reverse the steps required to pay huge sums to the exchanges by using special skills he developed while working for Amazon.

Ahmed then attempted to cover his tracks by negotiating with the unnamed crypto exchange. He said he would agree to return all of the stolen funds, less $1.5 million, if the exchange agreed not to contact law enforcement about the hack, prosecutors said.

After first hacking the exchange, Ahmed targeted Nirvana’s cryptocurrency, ANA, exploiting a function of the cryptocurrency that was intended to increase the price of each token after large purchases. Using a workaround in Nirvana’s smart contract, Ahmed was able to buy $10 million worth of ANA tokens at an artificially low price and sell them for $3.6 million in profit.

According to the US Attorney’s statement, “Nirvana offered AHMED a ‘bug bounty’ of up to $600,000 to return the stolen funds, but AHMED instead demanded $1.4 million, did not settle with Nirvana and kept all the stolen money with himself.” “The $3.6 million AHMED theft represents almost all of the funds held by Nirvana, which resulted in the AHMED shutdown immediately following the attack.”

U.S. Attorney Damian Williams said in a statement, “Ahmed stole more than $12 million and made his money by swapping the stolen crypto for Monero, using cryptocurrency mixers, leapfrogging blockchains, and using foreign crypto exchanges. Tried to cover the tracks.”

Representatives for the United States Attorney for the Southern District of New York did not immediately respond to Business Insider’s request for comment.

In theory, the advantage of a smart contract is that it eliminates the risk of fraud by an intermediary such as a broker. However, these programs have been vulnerable to attacks by hackers.

Nearly $2.2 billion worth of cryptocurrencies were stolen in 2022 from decentralized finance (DeFi) projects, which allow people to conduct financial transactions without the need for third parties or financial institutions like banks.

The New York Times reported that many of the thefts were committed by taking advantage of vulnerabilities in smart contracts. Since smart contracts are built on open-source code, hackers can study the inner workings of the software and exploit any vulnerabilities.

