US Court Makes History with Prison Sentence for Smart Contract Hacker

In a significant legal milestone, a United States (US) court has sentenced Shakeeb Ahmed to three years in prison for his involvement in hacking two decentralised exchanges (DEX) built on Solana, as announced by the US Department of Justice on 12 April.

This marks the first instance of a conviction related to smart contract hacking.

US attorney Damian Williams expressed that:

"No matter how novel or sophisticated the hack, this Office and our law enforcement partners are committed to following the money and bringing hackers to justice. And as today’s sentence shows, time in prison — and forfeiture of all the stolen crypto — is the inevitable consequence of such destructive hacks."

Alongside the prison term, Shakeeb has been instructed to forfeit approximately $12.3 million in assets, including a substantial amount of cryptocurrency, and pay over $5 million in restitution to the affected crypto exchange and Nirvana.

Shakeeb's Smart Contract Hacks Go Back to 2022

His illicit activities date back to 2022 when he exploited vulnerabilities in the smart contracts of two DEXes, one being Nirvana, resulting in the theft of digital assets valued at over $12 million.

The Department of Justice revealed that Shakeeb manipulated pricing data on the unnamed exchange to extract inflated fees totalling around $9 million, which he subsequently withdrew in cryptocurrency.

Following this incident, he targeted Nirvana Finance, pilfering approximately $3.6 million by exploiting vulnerabilities in the platform's smart contracts.

Despite Nirvana offering a bounty of $600,000 for information, he demanded $1.4 million, leading to a deadlock and the retention of the stolen funds, ultimately resulting in the exchange's closure.

Shakeeb then attempted to launder the illicitly obtained digital assets using sophisticated methods, including token-swap transactions and advanced crypto mixers such as Samourai Whirlpool.

Remarkably, at the time of these criminal acts, he held a senior security engineer position at an undisclosed international technology firm.

Shakeeb's Defense Team Fighting for No Jail Term

During the sentencing proceedings, prosecutors advocated for a four-year prison term, highlighting that although the statutory maximum was five years, Shakeeb's acknowledgment of guilt and surrender of the illicit proceeds warranted "a slightly below Guidelines variance," as outlined in a sentencing memo filed the previous week.

Conversely, his defense team contended for a non-custodial sentence, citing his admission of wrongdoing and voluntary disclosure of the Nirvana Finance hack to prosecutors as mitigating factors.

The defense filing stated:

"Shakeeb already had been indicted for the Crypto Exchange hack, and the government had offered Shakeeb a deal to plead guilty to that hack. Although Shakeeb knew that disclosing another hack would result in additional consequences, and could take his favourable plea deal off of the table, Shakeeb voluntarily came forward anyway."