‘Can I cross border with crypto?’: Hacker turned to Google after $9M DeFi raid

In the months after stealing millions in crypto, the accused proceeded to Google things like “defi hacks FBI”

article-image

Sundry Photography/Shutterstock modified by Blockworks

share

The Southern District of New York unveiled an indictment against an individual who stole $9 million from an unnamed decentralized cryptocurrency exchange. 

Following the theft, Shakeeb Ahmed proceeded to Google Search terms presumably in the hopes of evading the authorities. 

“As alleged, Mr. Ahmed used his skills as a computer security engineer to steal millions of dollars. He then allegedly tried to hide the stolen funds, but his skills were no match for IRS Criminal Investigation’s Cyber Crimes Unit,” said Tyler Hatcher, an agent at the IRS-CI.

Ahmed then proceeded to contact the crypto exchange to offer most of the money back in return for pocketing $1.5 million. He also proceeded to inform the exchange of its “technical vulnerabilities.”

And then, as one does, Ahmed took to Google to search terms related to the crime he had committed. He looked up “defi hack” and visited news articles connected to his attack. 

According to the indictment, Ahmed had used a VPN to conceal his internet protocol address during the attack. Afterward, he attempted to search for information to ensure that the VPN would not lead back to him.

The hack, which happened in July 2022, led to a number of different search inquiries from Ahmed as he waited to see if he had gotten away with his crime.

In August, Ahmed searched “defi hacks FBI” as well as “wire fraud” and “how to prove malicious intent.”

In a twist of irony, Ahmed is charged with wire fraud by the prosecutors. He is also charged with money laundering. 

Ahmed was also interested in “how to stop federal government from seizing assets” and then researched how he could either buy citizenship — presumably to another country — or cross borders with the $1.5 million he still had from the attack. 

The timeline of the attack was given in the indictment — which states that Ahmed contacted the exchange “almost immediately after the attack” on July 3, and then continued to negotiate with the exchange on July 6, lines up with the hack of liquidity protocol CremaFinance last July. 

CremaFinance did not immediately respond to a request for comment from Blockworks asking if the indictment was related to the $9 million hack last July.

Tags

Decoding crypto and the markets. Daily, with Byron Gilliam.

Upcoming Events

Javits Center North | 445 11th Ave

Tues - Thurs, March 24 - 26, 2026

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

recent research

Unlocked by Template (1).jpg

Research

As AI supercharges surveillance, privacy becomes a prerequisite and the winning stack will combine confidentiality with selective disclosure. Zcash’s Tachyon, composable standards on Ethereum/Solana, and compliance-aware pools aim to make private rails the new norm.

article-image

Pipe’s testnet has delivered 60+ PB of data across ~290,000 Point of Presence (PoP) nodes

article-image

375ai will hold TGE at the end of the month, CEO Harry Dewhirst told Blockworks

article-image

Block’s subsidiary adds direct Bitcoin integration and AI-powered ordering tools for small businesses seeking streamlined transactions

by Blockworks /
article-image

The deal integrates Dinero’s staking suite into Plume’s real-world asset platform as it gains SEC transfer agent status

by Blockworks /
article-image

The state’s decision opens staking access to New Yorkers, signaling a regulatory shift toward broader crypto participation

by Blockworks /
article-image

The startup says it aims to rival Stripe and Worldpay by using stablecoins to speed merchant settlements from days to seconds

by Blockworks /