US prosecutors charged a New York man with stealing millions of dollars in crypto after exploiting vulnerabilities on a decentralised finance or “DeFi” platform — the latest sign of increased willingness by authorities to wade into this corner of the digital-asset market to thwart alleged wrongdoing.
Shakeeb Ahmed, a 34-year-old senior security engineer for an international technology company, took advantage of a flaw in one of the exchange’s smart contracts to insert fake pricing data, generating about $9 million of inflated and unearned fees that he was able to withdraw in crypto, the US Attorney’s Office for the Southern District of New York said in an indictment unsealed Tuesday. Manhattan prosecutors also accused Ahmed of laundering the stolen funds through a series of complex transactions, including using overseas digital-asset exchanges.
“The Southern District of New York has always been on the cutting edge of catching and prosecuting criminals who use new technologies to commit old-fashioned fraud,” Manhattan US Attorney Damian Williams said in a video statement posted to Twitter. “SDNY is watching and we’re determined to follow the digital fingerprints to bring fraudsters to justice.”
Williams said the charges mark the first criminal case involving an attack on a smart contract on a decentralized crypto exchange. DeFi platforms allow users to trade, borrow and lend digital assets without having to go through an intermediary. They achieve this through the use of smart contracts — computer programs that automatically execute transactions when predetermined conditions are met.
That’s different from how centralised exchanges like Coinbase Global or Binance Holdings operate and has often led those in the DeFi community to maintain that it shouldn’t be subject to the same rules that apply to traditional finance. But US authorities have increasingly pushed back on that idea, pursuing DeFi projects they allege have broken the law or individuals who use the platforms to commit crimes.
“This case is another reminder that DeFi markets are not a Hobbesian marketplace where no laws exist and any conduct is fair game,” Ashok Ayyar, counsel at Ashbury Legal, said. “Theft is theft, and code is not law.”
The action against Ahmed has similarities to charges brought against trader Avraham Eisenberg, who is accused of stealing $110 million worth of cryptocurrency from DeFi exchange Mango Markets by manipulating the price of futures contracts. He’s set to face a criminal trial in New York on December 4.
Markets regulators, including the Securities and Exchange Commission and Commodity Futures Trading Commission, have also turned their attention to DeFi actors.
The CFTC, the US’s derivatives regulator, recently won a case against a decentralized autonomous organization called Ooki DAO. A federal judge in June sided with the CFTC’s accusations that the organization operated an illegal trading platform and violated other agency rules. The judge ordered Ooki DAO to shut down and pay a penalty of $643,542. The CFTC, at the time, said the decision was “precedent-setting.”
BarnBridge DAO also disclosed on social media earlier this month that it was being investigated by the SEC. A lawyer for the DAO said it would be halting operations until further notice.
© 2023 Bloomberg