Former Amazon Engineer Reverse Engineers Crypto Hacks

crypto currency's hacks have become a constant target for those seeking to steal funds as the emerging technology is still lacking in appropriate law enforcement and for a long period of time regulators weren’t getting involved in policing the sector.

But things have started to take a turn as the US Government continues to expand it’s oversight into the sector and more recently a former Amazon engineer, Shakeeb Ahmed recently pleaded guilty to hacking two crypto currency Centralised Exchanges (CEX).

Marking the first ever conviction involving the hacking of a smart contract. Ahmed, a security engineer at Amazon exploited vulnerabilities in smart contracts to steal USD 12.3 million worth of crypto currency from Nirvana Finance and another unnamed exchange on the Solana blockchain in 2022.

The Amazon Engineer

Smart contracts are like digital vending machines that execute predefined functions when specific conditions are met. Ahmed utilised his specialised skills developed at Amazon to reverse engineer the steps needed to manipulate smart contracts on the targeted exchanges. By submitting falsified data he caused the contracts to generate millions of dollars in inflated fees that he had not legitimately earned.

Ahmed's attempt to cover his tracks included negotiations with the second crypto exchange. He proposed returning the stolen funds minus USD 1.5 million in exchange for the exchange refraining from involving law enforcement. However, this attempt did not succeed.
After successfully hacking the first exchange Ahmed turned his attention to Nirvana's crypto currency, ANA.

Exploiting a feature designed to inflate token prices after a large sum was purchased Ahmed purchased USD 10 million worth of ANA tokens at a lowered price and made a USD 3.6 million profit. Nirvana attempted to resolve the issue by offering a bug bounty but Ahmed demanded USD 1.4 million, leading to Nirvana's closure.

Ahmed will face up to 5 years in prison making this the first successful case the US Attorney has brought before the courts to prosecute a crypto currency hacker.

Widespread Vulnerabilities

Crypto currency hacks have become an increasingly prevalent threat to the industry with smart contracts being a prime target. In 2022 approximately USD 2.2 billion in crypto currency was stolen from Decentralised Finance (De-Fi) projects emphasizing the urgent need for enhanced security measures.

Smart contracts, built on open source code expose themselves to potential exploitation by hackers who study the inner workings of the software. Ahmed's case sheds light on the risks associated with the vulnerabilities of smart contracts despite their intended purpose of eliminating fraud by cutting out intermediaries.

2023 Lookback on Failures and Hacks

Ahmed's case is just one example of the challenges the crypto currency industry faced in 2023. ApeCoin, Huobi Token, HEX, Dash, and Secret Network experienced significant crashes with factors ranging from declining interest to regulatory troubles and technical failures.

Furthermore, several high profile hacks such as those involving Mixin Network, Euler Finance, Multichain, Poloniex and KyberSwap, showcases the persistent threat posed by malicious actors seeking to exploit vulnerabilities in crypto currency systems.
Despite the alarming frequency of crypto currency hacks, there are encouraging signs.

According to TRM Labs the crypto currency industry saw a 50% reduction in hack volumes in 2023 compared to the previous year. The decline is attributed to improved security measures, increased law enforcement actions and greater industry coordination.

TRM Labs' research highlights the importance of real time transaction monitoring, anomaly detection systems and collaborative efforts among industry stakeholders in mitigating the impact of hacks. However, the report concludes with a cautionary note that urges continued vigilance and adaptability to counter emerging, sophisticated threats that could reverse the positive trend.

North Korea responsible for 20% of Crypto Hacks

While major crypto hacking incidents declined in 2023 North Korea's Lazarus Group remained a significant player in cybercrime. Responsible for nearly 20% of crypto losses exceeding USD 300 million Lazarus Group's activities brings to light the geopolitical dimension of crypto currency threats.
The case of Shakeeb Ahmed, the former Amazon engineer serves as a stark reminder of the vulnerabilities within the crypto currency sector and how people with sound knowledge of software and coding can implement harm across the sector.

As the industry grapples with the aftermath of unprecedented hacks there is a collective responsibility among industry participants, law enforcement and regulatory bodies to enhance security measures, share information and adapt to evolving threats.

The future of crypto currencies hinges on the ability to strike a balance between innovation and safeguarding against malicious actors who exploit the vulnerabilities inherent in this rapidly evolving landscape.

Image sources provided supplemented by Canva Pro Subscription. This is not financial advice and readers are advised to undertake their own research or seek professional financial services.

Posted Using InLeo Alpha