Shakeeb Ahmed, a 34-year-old senior security engineer, has confessed to exploiting the Nirvana Finance protocol and another undisclosed decentralized cryptocurrency exchange, marking a historic conviction for a smart contract hack. Initially charged with wire fraud and money laundering in July, Ahmed will surrender $12.3 million gained from the two exploits and pay $5 million in restitution to the victims. The charges stemmed from Ahmed's discovery of a vulnerability in a smart contract of an unnamed Solana-based exchange, which resembled Crema Finance.
Subsequently, he executed a $3.6 million attack on Nirvana Finance using a flash loan and exploiting vulnerabilities in the platform's smart contracts. Despite Nirvana Finance offering a $600,000 bounty for the return of the stolen funds, Ahmed demanded $1.4 million, and no agreement was reached. To launder the funds, Ahmed employed sophisticated methods such as token-swap transactions, bridging fraud proceeds between the Solana and Ethereum blockchains, converting fraud proceeds into Monero (a challenging-to-trace cryptocurrency), using overseas crypto exchanges, and utilizing cryptocurrency mixers like Samourai Whirlpool. Facing a maximum prison sentence of five years, Ahmed is scheduled for sentencing on March 13.
