前安全工程师被判3年监禁：盗窃1230万美元的加密货币交易

A former security engineer has been sentenced to three years in prison in the U.S. for charges relating to hacking two decentralized cryptocurrency exchanges in July 2022 and stealing over $12.3 million.

一名前安全工程师因涉嫌于2022年7月黑客攻击两家去中心化加密货币交易所并窃取超过1230万美元而被判处美国三年监禁。

Shakeeb Ahmed, the defendant in question, pled guilty to one count of computer fraud in December 2023 following his arrest in July.

涉案被告Shakeeb Ahmed于2023年12月承认一项计算机欺诈罪名，并于7月被捕后认罪。

"At the time of both attacks, Ahmed, a U.S. citizen, was a senior security engineer for an international technology company whose resume reflected skills in, among other things, reverse engineering smart contracts and blockchain audits, which are some of the specialized skills Ahmed used to execute the hacks," the U.S. Department of Justice (DoJ) noted at the time.

美国司法部当时指出：“在两次攻击中，美国公民Ahmed是一家国际技术公司的高级安全工程师，其简历显示他具有逆向工程智能合约和区块链审计等专业技能，这些是Ahmed执行黑客攻击所使用的专业技能之一。”

While the name of the company was not disclosed, he was residing in Manhattan, New York, and working for Amazon before he was apprehended.

尽管公司名称未透露，但他在被捕前居住在纽约曼哈顿，并在亚马逊工作。

Court documents show that Ahmed exploited a security flaw in an unnamed cryptocurrency exchange's smart contracts to insert "fake pricing data to fraudulently generate millions of dollars' worth of inflated fees," which he was able to withdraw.

法庭文件显示，Ahmed利用某个未透露的加密货币交易所智能合约的安全漏洞插入“虚假定价数据以欺诈性地生成数百万美元的虚高费用”，然后将其提取出来。

Subsequently, he initiated contact with the company and agreed to return most of the funds except for $1.5 million if the exchange agreed not to alert law enforcement about the flash loan attack.

随后，他与该公司联系，并同意返还大部分资金，除了150万美元，如果交易所同意不就闪电贷攻击通知执法部门。

It's worth noting that CoinDesk reported in early July 2022 that an unknown attacker returned more than $8 million worth of cryptocurrency to a Solana-based crypto exchange called Crema Finance, while keeping $1.68 million as a "white hat" bounty.

值得注意的是，CoinDesk在2022年7月初报道称，一名不知名的攻击者向一家名为Crema Finance的Solana基加密货币交易所返还了超过800万美元的加密货币，同时保留了168万美元作为“白帽子”赏金。

Ahmed has also been accused of carrying out an attack on a second decentralized cryptocurrency exchange called Nirvana Finance, siphoning $3.6 million in the process, ultimately leading to its shutdown.

Ahmed还被指控对第二家名为Nirvana Finance的去中心化加密货币交易所发动攻击，在此过程中获取360万美元，最终导致其关闭。

"Ahmed used an exploit he discovered in Nirvana's smart contracts to allow him to purchase cryptocurrency from Nirvana at a lower price than the contract was designed to allow," the DoJ said.

“Ahmed利用他在Nirvana智能合约中发现的漏洞，使他能够以低于合约所允许的价格从Nirvana购买加密货币，然后立即以更高的价格将该加密货币出售给Nirvana。”

"He then immediately resold that cryptocurrency to Nirvana at a higher price. Nirvana offered Ahmed a 'bug bounty' of as much as $600,000 to return the stolen funds, but Ahmed instead demanded $1.4 million, did not reach agreement with Nirvana, and kept all the stolen funds."

“Nirvana向Ahmed提供高达60万美元的‘漏洞赏金’以返还被盗资金，但Ahmed要求140万美元，未能与Nirvana达成协议，并保留了所有被盗资金。”

The defendant then laundered the stolen funds to cover up the trail using cross-chain bridges to move the illicit digital assets from Solana to Ethereum and exchanging the proceeds into Monero using mixers like Samourai Whirlpool.

被告随后利用跨链桥转移被盗资金，从Solana转移到以太坊，并使用Samourai Whirlpool等混币器将收益转换为门罗币以掩盖痕迹。

Besides the three-year jail term, Ahmed has been sentenced to three years of supervised release and ordered to forfeit approximately $12.3 million and pay restitution amounting more than $5 million to both the impacted crypto exchanges.

除了三年监禁，Ahmed被判处三年监督释放，并被责令放弃约1230万美元，并支付超过500万美元的赔偿金给受影响的加密货币交易所。

参考资料

[1]https://thehackernews.com/2024/04/ex-security-engineer-jailed-3-years-for.html

关注我们

        欢迎来到我们的公众号！我们专注于全球网络安全和精选双语资讯，为您带来最新的资讯和深入的分析。在这里，您可以了解世界各地的网络安全事件，同时通过我们的双语新闻，获取更多的行业知识。感谢您选择关注我们，我们将继续努力，为您带来有价值的内容。

原文始发于微信公众号（知机安全）：前安全工程师被判3年监禁：盗窃1230万美元的加密货币交易