New York District Attorney Charges Hacker for Exploiting Solana DEX
A hacker has been charged by a New York prosecutor for exploiting a decentralized exchange (DEX) on the Solana blockchain. The individual in question is currently facing legal consequences for allegedly taking undue advantage of vulnerabilities in the DEX’s smart contracts, causing significant financial losses.
This marks a landmark moment, as Damian Williams, district attorney of the Southern District of New York (SDNY), has now filed the first-ever criminal charges for an attack on a smart contract in the decentralized crypto exchange (DEX) sector.
According to an official announcement made on July 11, Shakeeb Ahmed, the accused in the recent smart contract attack case, allegedly exploited his position as a senior security engineer at an international tech firm to commit fraud.
District Attorney Williams stated:
His loot amounted to approximately $9 million in crypto, but he gave back most of it.
Attacker Generated Inflated Fees With Flash Loans On The Exchange
By exploiting a vulnerability in the exchange’s smart contract, the attacker generated inflated fees through flash loans, resulting in significant financial losses for users of the decentralized exchange (DEX).
The attack involves borrowing a large amount of cryptocurrency and executing trades on the exchange, artificially manipulating the market and driving up the fees associated with those trades. Once the trades are completed, the attacker repays the loan, often leaving no trace of fraudulent activity.
However, in this case, the attacker left a trail that law enforcement was able to follow and use to track down the culprit. The case is being prosecuted by a joint task force that includes the Money Laundering and Transnational Criminal Enterprises Unit, as well as the Complex Frauds and Cybercrime Unit.
The district attorney mentioned that there was a “series of complex transfers on the blockchain where he swapped cryptocurrencies, hopped across different crypto blockchains, and used overseas crypto exchanges.”
According to Williams’ statement, Ahmed returned all the stolen funds, except for $1.5 million, under the condition that the crypto exchange would not report the attack to law enforcement.
Targeted Solana DEX Remains Unknown
Although the specific DEX targeted in the recent attack was not disclosed, previous reports suggest that an unidentified hacker targeted Crema Finance, a Solana-based liquidity protocol, on July 2, 2022, siphoning off $9.6 million worth of cryptocurrency.
Furthermore, it has been reported that the attacker returned the majority of the stolen funds after the incident and was even granted a white hat bounty of $1.6 million. This information is consistent with Damian Williams’ statement regarding the return of $1.5 million.
Additionally, the fact that the press release mentions a platform on the Solana blockchain makes it even more plausible that the Crema Finance incident and the recent smart contract attack case are related. However, it is important to note that there has been no official confirmation linking the two incidents at this point in time.