U.S. Department of Justice Arrests Engineer Over $9M Crypto Theft

The DOJ alleged that Shakeeb Ahmed stole $9 million from a crypto exchange that operates on Solana, through a flash loan attack last year.

AccessTimeIconJul 11, 2023 at 4:39 p.m. UTC
Updated Jul 12, 2023 at 2:46 p.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global event for everything crypto, blockchain and Web3.Register Now

The U.S. Department of Justice (DOJ) arrested a security engineer on wire fraud and money laundering charges, alleging he stole $9 million worth of crypto from an unnamed decentralized cryptocurrency exchange.

The DOJ alleged that Shakeeb Ahmed was able to "fraudulently obtain" $9 million worth of crypto from an unnamed decentralized cryptocurrency exchange (DEX) by creating fake pricing data to generate fees that he was then able to withdraw. Police arrested Ahmed on Tuesday.

"In July 2022, Ahmed carried out an attack on the Crypto Exchange by exploiting a vulnerability in one of the Crypto Exchange’s smart contracts and inserting fake pricing data to fraudulently cause that smart contract to generate approximately $9 million dollars’ worth of inflated fees that Ahmed did not legitimately earn, which fees Ahmed was able to withdraw from the Crypto Exchange in the form of cryptocurrency," a DOJ press release said.

The DEX in question operates on the Solana blockchain, the DOJ said. Ahmed allegedly took out flash loans worth "tens of millions of dollars," deposited them in the DEX's liquidity pool, withdrew the funds and claimed a large percent as fees. He took out at least twenty one flash loans, according to a copy of the indictment.

Ahmed then tried to launder the funds by converting them into different cryptocurrencies, moving them across blockchains, converting into monero (XMR) and sending them through different crypto exchanges, the DOJ alleged.

Ahmed also offered to return most of the funds to the DEX in question provided the developers not reach out to law enforcement, the DOJ said.

While the DOJ did not explicitly name the DEX, the description matches last year's theft from Crema Finance, a Solana-based DEX. The attacker was able to take more than $9 million from the DEX last July, later returning around $8 million and keeping about $1.7 million.

Other details in the indictment also suggest that Crema could be the affected exchange. Ahmed allegedly read a news article titled "[Crypto Exchange] Vulnerability Causes DeFi Clients to Lose Millions," matching an FXLeaders article.

Crema Finance developers could not be immediately reached for comment.

Edited by Aoyon Ashraf.


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Nikhilesh De

Nikhilesh De is CoinDesk's managing editor for global policy and regulation. He owns marginal amounts of bitcoin and ether.

Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.