New York prosecutor charges hacker over $9M exploit of Solana-based exchange

cointelegraph.com:

A former security engineer for an international technology firm has been arrested and charged for allegedly using a smart contract bug to steal $9 million in cryptocurrency from a Solana-based decentralized crypto exchange.

On June 11, the United States Attorney for the Southern District of New York Damian Williams announced the “first-ever criminal case” involving an attack on a smart contract operated by a decentralized exchange (DEX).

In a statement, Williams claims the accused — Shakeeb Ahmed — “used his expertise to defraud the exchange and its users and steal approximately $9 million in cryptocurrency.”

U.S. Attorney Damian Williams announces the first-ever criminal case involving an attack on a smart contract operated by a decentralized cryptocurrency exchange pic.twitter.com/j3JPv2L612

Williams said the attack was carried out in July 2022 and was aimed at a Solana-based DEX.

The attack involved exploiting a vulnerability in the exchange's smart contracts to generate inflated fees with flash loans.

These were then withdrawn and laundered through a “series of complex transfers on the blockchain where he swapped cryptocurrencies, hopped across different crypto blockchains, and used overseas crypto exchanges.”

While Williams did not disclose the DEX that was exploited in July, previous reporting from Cointelegraph reveals an unknown hacker exploited Solana-based liquidity protocol Crema Finance on July 2, 2022, stealing $9.6 million in cryptocurrency.

The exploiter later returned most of the funds but was allowed to keep $1.6 million as a white hat bounty.

Similarly, William’s statement also noted that Ahmed decided to return all of the stolen funds except for $1.5 million on condition the crypto exchange did not refer