Ex-Amazon engineer sentenced to 3 years in prison for $12m crypto hack
A former Amazon software engineer Shakeeb Ahmed was sentenced to three years in prison for exploiting smart contracts.
The breaches in 2022 resulted in the theft of over $12 million in different cryptocurrencies. The trial was the first-ever sentencing for a cyberattack on smart contracts.
Ahmed admitted in December 2023 to manipulating smart contracts. By inserting fraudulent pricing data into the platforms’ contracts, the engineer generated approximately $12 million in unearned profits, which he subsequently withdrew as cryptocurrency.
While the prosecutors chose not to disclose one of the affected platforms, evidence in the indictment suggests it was Crema Finance. The other platform involved was Nirvana Finance, which ceased operations following the hack in July 2022.
Before the incident, Ahmed had led Amazon’s bug bounty program, where he identified and fixed security loopholes in its software. The prosecution, highlighting the novelty of this case involving smart contract hacking, had recommended a four-year prison term.
They acknowledged Ahmed’s cooperation and his restitution of the majority of the stolen funds but emphasized the need for his imprisonment to serve as a deterrent and underscore the gravity of his offenses.
On the other hand, Ahmed’s defense argued for probation instead of prison time, citing his compromised mental health during the time of the hacks and the fact that the stolen funds were largely untouched except for covering a relative’s medical expenses. Ahmed, originally from Saudi Arabia, had his legal team plea for leniency based on the following factors.