Former Amazon Engineer Crypto Hacker Searched Google on How to Evade

Updated: 13 July 2023

Disclosure

Don’t invest unless prepared to lose all the money you invest. This is a high-risk investment, you shouldn’t expect to be protected if something goes wrong.

Join Our Telegram channel to stay up to date on breaking news coverage

The indictment issued by the Southern District of New York has brought to light the activities of the man who allegedly pilfered $9 million from a nameless decentralized crypto exchange.

Yesterday, we reported how Shakeeb Ahmed, a former Senior Amazon Security Engineer, manipulated a loophole in a decentralized cryptocurrency exchange’s system, inputting fabricated pricing data to acquire inflated fees unlawfully. According to the indictment document, Ahmed used his technical skills, including reverse-engineering smart contracts and blockchain audits, to execute the heist.

Mr. Ahmed is alleged to have utilized his prowess as a cybersecurity engineer to illicitly amass millions of dollars. Despite his attempts to conceal the stolen money, his skills fell short in deceiving the Cyber Crimes Unit of the IRS Criminal Investigation

Ahmed is said to have turned to Google Search following his illegal operation, seemingly in an attempt to avoid being caught by law enforcement.

Tyler Hatcher, an IRS-CI agent, stated, “Mr. Ahmed is alleged to have utilized his prowess as a cybersecurity engineer to illicitly amass millions of dollars. Despite his attempts to conceal the stolen money, his skills fell short in deceiving the Cyber Crimes Unit of the IRS Criminal Investigation.”

Post-theft, Ahmed got in touch with the crypto exchange, proposing to return the majority of the stolen funds if he could keep $1.5 million for himself. He also alerted the exchange about its exploitable “technical vulnerabilities.”

Searched for information related to his cyber crime and how to get away with it

True to human nature, Ahmed searched Google for phrases that were directly linked to his unlawful act. He sought information on “defi hack” and read news pieces that were related to his own crime.

As per the indictment, Ahmed employed a VPN during his raid to mask his IP address. Following his operation, he endeavored to validate whether his VPN usage could be traced back to him.

The event, which transpired in July 2022, set Ahmed on a path of various search queries, as he held his breath to learn if he had successfully evaded the law.

The next month, Ahmed looked up “defi hacks FBI”, “wire fraud”, and “how to demonstrate malicious intent.” In a surprising twist, the charges levied against Ahmed by prosecutors include wire fraud and money laundering.

Ahmed’s further research revolved around topics such as “how to prevent the federal government from asset seizure.” Additionally, he looked into how he could buy citizenship, presumably in a different country, or transport the remaining $1.5 million across international borders, which he had acquired from his operation.

The timeline presented in the indictment matches the July hack of the liquidity protocol CremaFinance. It suggests that Ahmed reached out to the exchange shortly after his July 3rd operation, and proceeded to engage in negotiations with the exchange on July 6th.

This is considered the very first U.S. criminal case for DeFi hacking.