A former Amazon engineer pleaded guilty to hacking two cryptocurrencies this week, his first conviction for hacking smart contracts.
Former Amazon security engineer Shakib Ahmed has been sentenced to five years in prison and must forfeit $12.3 million in stolen cryptocurrencies, the U.S. Attorney for the Southern District of New York announced.
The 2022 attacks targeted Nirvana Finance and a second, anonymous cryptocurrency on the Solana blockchain.
Blockchain is essentially a digital ledger that allows users to store information, including financial transactions, in a decentralized environment. One of the advantages of blockchain is security, as the stored information cannot be changed.
Ahmed took advantage of the exchange's lack of smart contracts. According to the U.S. Attorney, this allowed him to provide falsified information that led to contracts worth millions of dollars in inflated fees that he did not earn.
Smart contracts are blockchain programs that, like an automaton, perform certain functions when predetermined conditions are met. For example, a landlord renting out an apartment can use a smart contract that requires the tenant to transfer a deposit in order to receive a code for the apartment door.
According to the U.S. Attorney, Ahmed was able to complete the steps necessary to pay out large sums of money on exchanges using special skills he acquired while working at Amazon.
Ahmed then tried to cover his tracks by trading on an anonymous crypto exchange. He said he would agree to return all of the stolen funds, minus $1.5 million, if the exchange agreed not to go to law enforcement about the hack, prosecutors said.
After the first exchange was hacked, Ahmed launched Nirvana ANA, a cryptocurrency that aims to inflate the price of any token after a large amount is purchased. Using a solution in Nirvana's smart contract, Ahmed could buy $10 million worth of ANA tokens at an artificially low price and sell for $3.6 million.
"Nirvana offered AHMED $600,000 as a 'wrongdoing reward' for the return of the stolen funds, but AHMED demanded $1.4 million, disagreed with Nirvana and stole all the funds," the U.S. Attorney said. "The $3.6 million stolen from AHMED represents nearly all of the funds belonging to Nirvana, which eventually closed its doors shortly after the AHMED raid."
Ahmed stole more than $12 million and "attempted to cover his tracks by exchanging the stolen cryptocurrencies for Monero, using cryptocurrency mixers, verifying blockchains and using foreign crypto exchanges," U.S. Attorney Damian Williams said.
Representatives for the U.S. Attorney for the Southern District of New York did not immediately respond to Business Insider's request for comment.
In theory, the advantage of a smart contract is to remove the risk of fraud by an intermediary or, for example, a middleman. However, the software is vulnerable to hacking attacks.
In 2022, about $2.2 billion worth of cryptocurrency was stolen from decentralized finance (DeFi) projects that allow people to conduct financial transactions without relying on third parties or financial institutions such as banks.
The New York Times reported that many of the thefts were made by exploiting weaknesses in smart contracts. Because smart contracts are based on open source code, hackers can learn about the inner workings of the software and exploit loopholes.