Nirvana Finance Hacker Jailed for Three Years

Reading Time: 2 minutes
  • Shakeeb Ahmed has been sentenced to three years for hacking Nirvana Finance, marking the first conviction for smart contract exploitation
  • The Department of Justice announced the sentence four months after Ahmed’s guilty plea
  • US authorities emphasize that Ahmed’s case is precedent-setting and similar convictions are likely in the future

In a landmark case, Nirvana Finance hacker Shakeeb Ahmed was on Friday handed a three-year sentence for his crime, marking the first conviction of its kind for hacking a smart contract. The Department of Justice (DoJ) announced the sentence following Ahmed’s guilty plea in December. US authorities warned that this might be the first time someone has been jailed for exploitation of a smart contract, but it certainly won’t be the last.

Ahmed Stole $12 Million

The DoJ brought charges against Ahmed in July 2023, accusing him of orchestrating an elaborate scheme that involved him exploting vulnerabilities in smart contracts, resulting in inflated fees and substantial financial losses for both Nirvana and another unnamed cryptocurrency exchange. Ahmed manipulated pricing data and conducted flash loans, profiting to the tune of more than $12 million dollars.

Despite Nirvana’s offer of a “bug bounty” to return the stolen funds, Ahmed refused and demanded a larger sum, ultimately leaving the platform bankrupt. To conceal the illicit origins of the funds, Ahmed employed sophisticated laundering techniques, including token-swap transactions, cross-blockchain fraud transfers, and privacy coin Monero.

Following the attacks, Ahmed made efforts to evade capture, researching topics such as criminal liability, extradition, and asset protection, with his internet search queries including advice on fleeing the US and purchasing citizenship in other countries.

Guilty Plea Sets the Scene

Ahmed pleaded guilty to the charges in December of the previous year, and last week agreed to forfeit $12.3 million obtained through his practices. In addition to the forfeiture, Ahmed has been ordered to pay restitution amounting to over $5 million to the two exchanges he defrauded.

US Attorney Damian Williams welcomed the sentence and the precedent:

No matter how novel or sophisticated the hack, this Office and our law enforcement partners are committed to following the money and bringing hackers to justice. And as today’s sentence shows, time in prison — and forfeiture of all the stolen crypto — is the inevitable consequence of such destructive hacks.

The sentence comes as Mango Markets exploiter Avraham Eisenberg is on trial for his nefarious deeds, which also involved the manipulation of smart contracts in a much more high-profile case.