A top cybersecurity pro for Amazon appears to be in deep trouble. Federal prosecutors say Shakeeb Ahmed used his hacking skills to steal $9 million in assets from a cryptocurrency exchange last summer, then attempted to launder the stolen goods through a haze of online trickery.
The 34-year-old techie was taken into custody in Manhattan on Tuesday and charged with wire fraud and money laundering. Described by officials only as a “former security engineer” for an “international technology company,” Ahmed is accused of using his security acumen to cheat an unnamed Solana-based crypto exchange out of millions of dollars.
More specifically, cops say that Ahmed exploited a vulnerability in the unnamed exchange’s smart contract—the software used to facilitate crypto transactions—which allowed him to generate $9 million in illegitimate fees. These fees were supposed to be paid to customers who provided high levels of liquidity to the platform. However, Ahmed allegedly manipulated the software to insert false price data that basically generated money out of thin air. Ahmed is also accused of later using “flash loan” attacks—another kind of crypto exploit—to try to bilk more money out of the exchange.
It was initially unclear what company Ahmed had previously worked for, as officials did not identify his place of employment. However, on Tuesday evening, cybersecurity blogger Jackie Singh wrote that Ahmed had worked for Amazon, citing numerous online profiles that appeared to be tied to the security professional.
Gizmodo reached out to Amazon for details about Ahmed’s employment and a spokesperson confirmed that Ahmed was no longer employed with the company but couldn’t provide further details about his role at the tech giant.
A LinkedIn profile matching Ahmed’s description lists him as a “Senior Security Engineer” at Amazon and says he has been employed with the company since November of 2020. The profile still lists Amazon as the user’s place of employment. It couldn’t immediately be verified whether the profile reflected the person arrested Tuesday.
Inner City Press, a New York outlet, reports that when Ahmed appeared in court for his arraignment on Tuesday he was wearing flip flops, shorts, and a T-shirt that merely said “I code.” He was subsequently released on bond and will be allowed to continue live at his apartment in the Manhattan, the outlet says.
“As alleged, Mr. Ahmed used his skills as a computer security engineer to steal millions of dollars. He then allegedly tried to hide the stolen funds, but his skills were no match for IRS Criminal Investigation’s Cyber Crimes Unit,” said Tyler Hatcher, special agent in charge of the cyber unit, in a statement on Tuesday. “We, along with our partners at HSI and the Department of Justice, are at the forefront of cyber investigations and will track these fraudsters anywhere they try to hide and hold them accountable.”
Each of the charges that Ahmed has been slapped with carry a maximum penalty of twenty years in prison. If convicted, he could face decades behind bars.