‘Can I cross border with crypto?’: Hacker turned to Google after $9M DeFi raid

In the months after stealing millions in crypto, the accused proceeded to Google things like “defi hacks FBI”




The Southern District of New York unveiled an indictment against an individual who stole $9 million from an unnamed decentralized cryptocurrency exchange. 

Following the theft, Shakeeb Ahmed proceeded to Google search terms, presumably in the hopes of evading the authorities.

“As alleged, Mr. Ahmed used his skills as a computer security engineer to steal millions of dollars. He then allegedly tried to hide the stolen funds, but his skills were no match for IRS Criminal Investigation’s Cyber Crimes Unit,” said Tyler Hatcher, an agent at the IRS-CI.

Ahmed then proceeded to contact the crypto exchange to offer most of the money back in return for pocketing $1.5 million. He also proceeded to inform the exchange of its “technical vulnerabilities.”

And then, as one does, Ahmed took to Google to search terms related to the crime he had committed. He looked up “defi hack” and visited news articles connected to his attack. 

According to the indictment, Ahmed had used a VPN to conceal his internet protocol address during the attack. Afterward, he attempted to search for information to ensure that the VPN would not lead back to him.

The hack, which happened in July 2022, led to a number of different search inquiries from Ahmed as he waited to see if he had gotten away with his crime.

In August, Ahmed searched “defi hacks FBI” as well as “wire fraud” and “how to prove malicious intent.”

In a twist of irony, Ahmed is charged with wire fraud by the prosecutors. He is also charged with money laundering. 

Ahmed was also interested in “how to stop federal government from seizing assets” and then researched how he could either buy citizenship — presumably to another country — or cross borders with the $1.5 million he still had from the attack. 

The timeline of the attack given in the indictment, which states that Ahmed contacted the exchange “almost immediately after the attack” on July 3 and then continued to negotiate with the exchange on July 6, lines up with the hack of liquidity protocol CremaFinance last July.

CremaFinance did not immediately respond to a request for comment from Blockworks asking if the indictment was related to the $9 million hack last July.

