U.S. Department of Justice Arrests Engineer Over $9M Crypto Theft

The DOJ alleged that Shakeeb Ahmed stole $9 million from a crypto exchange that operates on Solana, through a flash loan attack last year.

AccessTimeIconJul 11, 2023 at 4:39 p.m. UTC
Updated Jul 12, 2023 at 2:46 p.m. UTC
Drive the Crypto Policy Conversation Forward
October 24, 2023 • Convene • Washington D.C.Where the industry establishes the digital economy’s legal, regulatory and compliance best practices for the future.Register Now

The U.S. Department of Justice (DOJ) arrested a security engineer on wire fraud and money laundering charges, alleging he stole $9 million worth of crypto from an unnamed decentralized cryptocurrency exchange.

The DOJ alleged that Shakeeb Ahmed was able to "fraudulently obtain" $9 million worth of crypto from an unnamed decentralized cryptocurrency exchange (DEX) by creating fake pricing data to generate fees that he was then able to withdraw. Police arrested Ahmed on Tuesday.

"In July 2022, Ahmed carried out an attack on the Crypto Exchange by exploiting a vulnerability in one of the Crypto Exchange’s smart contracts and inserting fake pricing data to fraudulently cause that smart contract to generate approximately $9 million dollars’ worth of inflated fees that Ahmed did not legitimately earn, which fees Ahmed was able to withdraw from the Crypto Exchange in the form of cryptocurrency," a DOJ press release said.

The DEX in question operates on the Solana blockchain, the DOJ said. Ahmed allegedly took out flash loans worth "tens of millions of dollars," deposited them in the DEX's liquidity pool, withdrew the funds and claimed a large percent as fees. He took out at least twenty one flash loans, according to a copy of the indictment.

Ahmed then tried to launder the funds by converting them into different cryptocurrencies, moving them across blockchains, converting into monero (XMR) and sending them through different crypto exchanges, the DOJ alleged.

Ahmed also offered to return most of the funds to the DEX in question provided the developers not reach out to law enforcement, the DOJ said.

While the DOJ did not explicitly name the DEX, the description matches last year's theft from Crema Finance, a Solana-based DEX. The attacker was able to take more than $9 million from the DEX last July, later returning around $8 million and keeping about $1.7 million.

Other details in the indictment also suggest that Crema could be the affected exchange. Ahmed allegedly read a news article titled "[Crypto Exchange] Vulnerability Causes DeFi Clients to Lose Millions," matching an FXLeaders article.

Crema Finance developers could not be immediately reached for comment.

Edited by Aoyon Ashraf.


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

Nikhilesh De

Nikhilesh De is CoinDesk's managing editor for global policy and regulation. He owns marginal amounts of bitcoin and ether.

Learn more about Consensus 2024, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.