The sentencing marks the first time someone has been convicted for hacking a smart contract.

US attorney Damian Williams said:

“No matter how novel or sophisticated the hack, this Office and our law enforcement partners are committed to following the money and bringing hackers to justice. And as today’s sentence shows, time in prison — and forfeiture of all the stolen crypto — is the inevitable consequence of such destructive hacks.”

Ahmed was also ordered to forfeit approximately $12.3 million and a significant quantity of crypto and pay over $5 million in restitution to the unnamed crypto exchange and Nirvana.

The hacks

In 2022, Ahmed hacked the smart contracts of two decentralized crypto exchanges, including Nirvana and an unnamed protocol, for a substantial amount of a digital asset.

The DOJ said Ahmed manipulated pricing data on the unnamed platform to siphon approximately $9 million in inflated fees and withdrew the funds in crypto. Subsequently, Ahmed agreed to return around $7.5 million under the condition that the exchange refrains from involving law enforcement.

Shortly after, Ahmed targeted Nirvana Finance, stealing about $3.6 million. According to the DOJ, Ahmed exploited Nirvana’s smart contracts to purchase crypto at lower prices from the exchange and sold it at higher prices.

Despite the exchange offering a $600,000 bounty, Ahmed demanded $1.4 million, leading to a stalemate and the retention of all stolen funds, culminating in the exchange’s closure.

Subsequently, Ahmed laundered the stolen digital assets using sophisticated techniques such as token-swap transactions and advanced crypto mixers like Samourai Whirlpool.

At the time of these thefts, Ahmed was a senior security engineer for an unnamed international technology company.