A hacker has faced legal charges from the New York District Attorney’s office for exploiting a decentralized exchange (DEX) on the Solana blockchain. The individual stands accused of taking advantage of vulnerabilities in the DEX’s smart contracts, resulting in substantial financial losses. This case marks a significant milestone as Damian Williams, the district attorney of the Southern District of New York (SDNY), has filed the first-ever criminal charges for an attack on a smart contract in the decentralized crypto exchange (DEX) sector.
As per an official statement released on July 11, Shakeeb Ahmed, identified as a senior security engineer at an international tech company, stands accused of exploiting his role to engage in fraudulent activities. District Attorney Williams disclosed that the stolen funds involved in the case totaled around $9 million in various cryptocurrencies. Notably, a significant portion of the misappropriated funds has been voluntarily returned by the perpetrator.
The attack involved exploiting a vulnerability in the DEX’s smart contract to generate inflated fees through flash loans, leading to significant financial losses for DEX users. By borrowing a large sum of cryptocurrency and executing trades, the attacker manipulated the market artificially, thereby increasing associated fees. Once the trades were completed, the attacker repaid the loan, often leaving no trace of fraudulent activity.
However, law enforcement was able to track down the culprit by following the trail left by the attacker’s complex transfers across different crypto blockchains and overseas exchanges. A joint task force, including the Money Laundering and Transnational Criminal Enterprises Unit, as well as the Complex Frauds and Cybercrime Unit, is prosecuting the case.
Although the specific DEX targeted in the attack was not disclosed, previous reports suggest that Crema Finance, a Solana-based liquidity protocol, was targeted by an unidentified hacker in July 2022, resulting in the theft of $9.6 million worth of cryptocurrency. The return of stolen funds and the mention of a platform on the Solana blockchain in the press release suggest a potential link between the Crema Finance incident and the recent smart contract attack case. However, no official confirmation has been provided connecting the two incidents at this time.