Shocking! Ethical hacker goes rogue, steals cryptocurrency worth $9 mn

In a shocking incident, the US government arrested an individual and accused him of hacking into a crypto exchange and stealing cryptocurrency worth $9 million. The fraud seemingly started as an ethical hack of sorts by the engineer and then he went rogue. As per the indictment, the accused, Shakeeb Ahmed, used his expertise in the field to defraud the exchange and its users and stole the massive sum. While the report mentions Ahmed is a senior security engineer for an international technology company, it does not mention exactly where he worked. However, a report found out through his LinkedIn page that he was once employed by Amazon. TechCrunch reached out to the company and the spokesperson said he is no longer employed there.

As per the press release by the US Attorney's Office of the Southern District of New York, “As alleged in the indictment, Shakeeb Ahmed, who was a senior security engineer at an international technology company, used his expertise to defraud the exchange and its users and steal approximately $9 million in cryptocurrency. We also allege that he then laundered the stolen funds through a series of complex transfers on the blockchain where he swapped cryptocurrencies, hopped across different crypto blockchains, and used overseas crypto exchanges,” said US Attorney Damian Williams.

Cybersecurity professional defrauds crypto exchange worth $9 million

Notably, the report did not specify the victim of this cyber attack. However, a report by CoinDesk highlighted that the date and the amount stolen match the attack on Crema Finance, a Solana-powered crypto exchange. The attack took place in July 2022 and the hacker later returned nearly $8 million and kept $1.7 million with himself.

The TechCrunch report also corroborated the information from the DOJ prosecutor, who revealed that Ahmed “had communications with the Crypto Exchange in which he decided to return all of the stolen funds except for $1.5 million if the Crypto Exchange agreed not to refer the attack to law enforcement”.

It is a common practice in the world of cybersecurity. Such criminals call themselves white hats and claim they have good intentions. After stealing a big amount, they could contact the victim entity and negotiate to return 80-85 percent of the stolen money, keeping a “bounty” of sorts with themselves for exposing the security vulnerability, if law enforcement is not referred to.

However, it should be noted that, as can be seen here, returning a part of the loot, does not mean that criminal charges will not be brought upon and prosecution will not take place. This is not ethical hacking, even if the criminals want you to believe that.