Hacker nets $9 million! Solana DeFi hacker faces criminal charges, targeting Crema Finance
The U.S. Department of Justice has disclosed the first criminal prosecution involving a decentralized exchange (DEX) hack, accusing hackers of launching an attack on a Solana-based DEX in 2022 and making off with approximately $9 million worth of cryptocurrency. The hackers have been arrested in New York. Although the press release did not name the DEX specifically, based on the contents of the indictment, it is likely that the DEX in question is Crema Finance, which was hacked in July last year and currently has a TVL of less than $300,000.
Table of Contents
First Decentralized Exchange Hack Case Leads to Criminal Prosecution
The case was announced by the U.S. Department of Justice on July 11 in a press release, with Damian Williams, the federal prosecutor for the Southern District of New York, holding a press conference to disclose the details.
The indictment accuses 34-year-old international technology engineer SHAKEEB AHMED of attacking the decentralized exchange DEX, involving wire fraud, money laundering, with a maximum sentence of 20 years for each charge. He was arrested in New York City on the morning of the 11th and will face trial in a U.S. district court in the afternoon.
Damian Williams stated:
Shakeeb Ahmed used his expertise to defraud exchanges and users, stealing approximately $9 million worth of cryptocurrency and laundering it through a series of on-chain, cross-chain transfers, and overseas exchanges. However, these actions could not conceal the defendant's tracks or deceive law enforcement agencies.
Tyler Hatcher, a special agent at the Los Angeles office of the Internal Revenue Service, commented:
The hacker's skills cannot be compared with the IRS Criminal Investigation Division's cybercrime unit.
U.S. Attorney Damian Williams announces the first-ever criminal case involving an attack on a smart contract operated by a decentralized cryptocurrency exchange pic.twitter.com/j3JPv2L612
— US Attorney SDNY (@SDNYnews) July 11, 2023
Hack Target Directly Points to Crema Finance
Although the press release did not explicitly state it, the mention of "DEX built on Solana," "hacked in July 2022," and the hacked amount align with the liquidity protocol Crema Finance on Solana.
Crema Finance was hacked on July 3 last year, but the hacker later turned into a white-hat hacker voluntarily, returning 6,064 ETH, 23,967.9 SOL, approximately $8.1 million, and keeping 45,455 SOL, around $168.2 as a white-hat reward.
Despite SHAKEEB AHMED's series of actions such as cross-chain Solana-Ethereum transfers, converting stolen funds to Monero XMR, and withdrawing through overseas exchanges, he could not escape the law.
The press release also revealed that after attacking the DEX, SHAKEEB AHMED searched on Google for keywords like "how to avoid federal asset seizures" and "buy citizenship," visiting several websites that provide ways to avoid extradition and long-term residency overseas.
As for the hacked victim Crema Finance, DefiLlama shows they have a TVL of only about $240,000 left.
