A former senior security engineer was sentenced to three years in prison for executing sophisticated hacks against two decentralized cryptocurrency exchanges, stealing over $12 million worth of digital assets.

Shakeeb Ahmed, 34, of New York, pleaded guilty to computer fraud charges related to the July 2022 hacks. He exploited vulnerabilities in the smart contracts governing the exchanges to artificially inflate fees and purchase crypto tokens at manipulated prices.

Damian Williams, the U.S. Attorney for the Southern District of New York, announced the sentencing and first-ever conviction for hacking a blockchain smart contract. “No matter how novel or sophisticated the hack, this office is committed to following the money and bringing hackers to justice,” Williams stated.

The Two Crypto Exchange Hacks In the first hack, Ahmed exploited a pricing flaw in an unnamed decentralized exchange. He inserted fake data to generate around $9 million in inflated fees, which he then withdrew as cryptocurrency. Ahmed later agreed to return most of the funds to avoid prosecution.

Weeks later, Ahmed struck again by hacking Nirvana Finance, a decentralized exchange for the ANA token. He used a flash loan to purchase ANA at an artificially low price through a smart contract exploit. Ahmed then immediately sold the ANA back to Nirvana at the higher market rate, netting $3.6 million – virtually all of Nirvana’s funds.

After the attacks, Ahmed searched online for information about the hacks, potential criminal liability, and how to flee the country to avoid charges.

Sophisticated Money Laundering Techniques To cover his tracks, Ahmed employed advanced crypto money laundering methods. These included swapping tokens, “bridging” funds between blockchains, converting to privacy coin Monero, using overseas exchanges, and leveraging “mixers” like Samourai Whirlpool.

In addition to his prison sentence, Ahmed was ordered to forfeit the $12.3 million in stolen cryptocurrency. He must also pay over $5 million in restitution to the victim exchanges.

NFT Trader, a peer-to-peer (P2P) trading platform, recently experienced a security breach leading to the unauthorized transfer of significant NFT assets. The attacker, identified as 0x90…8fda, successfully made off with 37 Bored Ape Yacht Club (BAYC), 13 Mutant Ape Yacht Club (MAYC), 4 World of Women, and 6 VeeFriends NFTs, collectively valued at 1,080 ETH (approximately $2.4 million). Users are strongly advised to promptly revoke any authorization granted to the platform.

Initial reports, shared by Chinese crypto news reporter Colin Wu on social media, indicate that the pilfered NFTs were sent to the address 0x909F2159780e64143CF08f32dBBF56Ed19478fda (link to tweet). An on-chain message from the address holder, claiming the role of a “scavenger,” refutes allegations of hacking the P2P trading platform. Instead, they assert rescuing the NFTs with the intention of returning them.

Further information reveals that the alleged real hacker’s address is 0x3dc115307c7b79e9ff0afe4c1a0796c22e366a47b47ed2d82194bcd59bb4bd46.

NFT Trader has acknowledged the security incident and disclosed that the attack targeted old smart contracts. In response, the platform is advising users to remove delegations via Revoke.cash from the following addresses:

• 0xc310e760778ecbca4c65b6c559874757a4c4ece0
• 0x13d8faF4A690f5AE52E2D2C52938d1167057B9af

Despite being relatively unknown among NFT traders, NFT Trader’s website identifies its CEO as John Pak, collaborating with co-founders Mattia Migliore and an individual using the pseudonym “Bruckzr” (link to tweet).

On social media, an NFT collector (@dingalingts) has urged traders to “revoke approval to their contract ASAP” for those who have engaged with NFT Trader previously. The stolen digital assets, which exceed $2 million in value, include 37 BAYC, 13 MAYC, 4 World of Women, and 6 VeeFriends.

In a significant development for the cryptocurrency world, Binance, one of the leading global cryptocurrency exchanges, has recently announced its decision to sell its entire business operations in Russia to CommEX. This strategic move is in line with Binance’s commitment to providing a seamless transition for its Russian user base.

The off-boarding process for Russian users is expected to span over the course of a year, ensuring a gradual and secure transition of assets. Binance has reaffirmed its commitment to safeguarding the assets of all existing Russian users, reassuring them that their holdings are in safe hands.

To facilitate the migration process for its users, Binance has partnered with CommEX. Together, they will provide clear guidance on how Russian users can transition their assets to the CommEX platform. A noteworthy aspect of this transition is that a portion of new user registrations with Know Your Customer (KYC) verification from Russia will be automatically redirected to CommEX. This redirection will increase gradually over time, promoting the growth and adoption of CommEX among Russian cryptocurrency enthusiasts.

Over the coming months, Binance will systematically wind down all exchange services and business activities within Russia. Throughout this period, the priority remains on ensuring a smooth and hassle-free experience for users, as they adjust to the changes.

In a departure from the norm, Binance has opted to keep the financial specifics of the deal confidential. However, it is essential to highlight that this sale marks Binance’s complete exit from the Russian market. Unlike other international companies that have dealt with Russia, Binance will not retain any ongoing revenue share from the transaction, nor does it hold any future options to repurchase shares in the Russian business.

As per Binance’s announcement, this decision underscores Binance’s commitment to adapting to the evolving landscape of the cryptocurrency industry while prioritizing the interests and security of its users. As per Binance’s recent announcement, this move represents a strategic shift in focus, with the exchange consolidating its efforts in other markets around the world.