Nirvana hacker sentenced to 3 years after pleading guilty

Shakeeb Ahmed, the hacker behind the 2022 Nirvana exploit, a flash loan attack, was sentenced to three years on Friday.

The Department of Justice announced the sentencing, which marks the first time someone has been convicted for hacking a smart contract.

“No matter how novel or sophisticated the hack, this Office and our law enforcement partners are committed to following the money and bringing hackers to justice,” US attorney Damian Williams said in a statement. “And as today’s sentence shows, time in prison — and forfeiture of all the stolen crypto — is the inevitable consequence of such destructive hacks.”

Ahmed pleaded guilty to the DOJ’s charges in December of last year. At the time, he forfeited $12.3 million, with roughly $6 million of that in crypto.

Ahmed, in addition to the forfeiture, was ordered to “pay restitution to the Crypto Exchange and Nirvana in the amount of over $5 million,” Friday’s release said.

The charges against Ahmed were first brought in July of 2023. However, they only linked him to the hack of one exchange. He was later found to have launched a multi-million dollar hack on another exchange.

Blockworks previously reported that the references matched the Crema Finance hack in July 2022. The DOJ still hasn’t publicly released the second exchange’s name.

According to the DOJ’s release, Ahmed – in addition to his prison term — will also face three years of supervised release.

The original indictment filed against Ahmed revealed that he attempted to utilize Google in the hopes of evading the authorities.

Ahmed allegedly searched “defi hack” and “how to stop federal government from seizing assets” on Google following the exploits.

At the time, Nirvana attempted to offer Ahmed a bug bounty of $600,000 to return the funds, but Ahmed — after demanding $1.4 million — didn’t reach an agreement with the team.

Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.