Following the money: How the SDNY caught the Crema hacker
While sophisticated analytics may have played a part, the exploiter seemingly made simple mistakes
FOTOKITA/Shutterstock modified by Blockworks
In what has been touted as a historic first, attorneys for the Southern District of New York revealed on Tuesday, July 11, the filing of charges against Shakeeb Ahmed. The SDNY alleges that Ahmed embezzled $9 million from a DeFi protocol based on Solana back in July 2022.
A tweet from the official SDNY account claimed the charges represented the “first-ever criminal case involving an attack on a smart contract.” Additionally, in a press release IRS-CI Special Agent Tyler Hatcher bragged about the sophistication of the investigation, saying Ahmed’s “skills were no match for IRS Criminal Investigation’s Cyber Crimes Unit.”
However, blockchain analysis shows that a number of possible missteps from the hacker indicates that the SDNY may have had an easier time apprehending the hacker than their PR tour implies.
On July 2, 2022, a hacker was able to take $9 million in a flash loan exploit on Solana’s Crema Finance, a decentralized exchange. After a period of negotiations, the hacker returned the majority of the funds on July 7. As part of the arrangement — which is not uncommon between teams and hackers — the attacker was allowed to retain ownership of assets valued at $1.6 million as a “bounty.”
While the SDNY did not specify in either the announcement or the criminal complaint which protocol was the target of the exploit, the dates, method of attack, and both the amounts stolen and the amounts eventually returned point to Crema.
Multiple Crema developers did not respond to requests for comment. In an official Telegram channel, a team member said the team was “still investigating” whether or not the project would be able to recover the remaining funds potentially seized by law enforcement from Ahmed, implicitly confirming Crema as the unnamed protocol.
The exploiter later attempted to launder the remaining funds using a variety of privacy-preserving tools, including Tornado Cash and Monero — tools that the SDNY now claim to have rendered ineffective.
Advanced analytics
The announcement of charges was notable in part for the expeditiousness of the investigation. The SDNY missed a one-year turnaround time from the end of negotiations between Crema and the exploiter by just a matter of days, far cry from the three-to-four-year turnaround the SEC took to pursue certain 2017-era ICO scams.
Aside from speed, however, the SDNY’s PR materials notably hung their hat on the analytical expertise of the investigation.
In a video accompanying the announcement of charges, SDNY Attorney Damian Williams boasted about the district’s ability to track Ahmed’s movements across blockchains:
“We also allege that he then laundered the stolen funds through a series of complex transfers on the blockchain where he swapped cryptocurrencies, hopped across different crypto blockchains, and used overseas crypto exchanges. But none of those actions covered the defendant’s tracks or fooled law enforcement, and they certainly didn’t stop my Office or our law enforcement partners from following the money.”
While anyone with access to a block explorer can track movements between addresses and often even between different blockchains with minimal expertise, according to forensics consulting firm Five I’s founder Nick Bax, the Monero tracking would require genuine investigative chops.
Monero, a blockchain built to enable privacy-preserving transactions, allows for “probabilistic” inferences that can theoretically allow investigators to track funds, but in practice, tracing these transactions is often complex.
As an example Bax pointed to Daube v. United States, another case that involved tracing Monero transactions. In that instance, investigators required additional identifying data to bolster their Monero-based work.
“Normally an investigator will need internal data from centralized services such as exchanges to learn more information about who received the Monero being spent on-chain,” Bax said.
On-ramps and off-ramps
Given the complexity of tracking the funds through Monero, it’s much more likely that the SDNY managed to catch Ahmed during on-ramping (converting fiat to crypto) rather than off-ramping (selling Monero for fiat to complete the laundering process).
Indeed, blockchain analysis from Blockworks, as well as multiple analysts at the time of the exploit, indicates that Ahmed may have made key blunders while funding the wallets from which he launched his attack.
First, analysis from SolanaFM at the time of the attack found that the attacker interacted with either Huobi exchange addresses, or nested exchange addresses associated with Huobi.
Additionally, just days after the exploit, pseudonymous on-chain analyst ZachXBT called attention to a pair of suspiciously-timed Tornado Cash transactions, leading to addresses linked to the attack.
Tornado Cash, a privacy-preserving protocol colloquially referred to as a “mixer,” is designed to allow users to cover their tracks on an otherwise public and highly traceable ledger. However, the effectiveness of the service relies on users keeping their deposits in the contracts for extended durations. Deposits made directly in and out can be interconnected, particularly when there are multiple deposits of identical amounts involved. In this instance, a user initially funded by the crypto exchange Gemini made deposits into both the 1 ETH set and the 10 ETH set, followed by withdrawals from the same sets a few hours later.
If it is determined that the suspiciously-timed deposits and withdrawals to Tornado were made by Ahmed, or, if the nature of the Huobi account suggests so, it would directly link those blockchain addresses to a trove of easily obtained know-your-customer (KYC) information.
Gemini in particular is regulated under New York state laws, and it could have been legally compelled to hand identifying information to the investigators, according to Kathleen McGee, a partner in the Tech Group at law firm Lowenstein Sandler.
“If I was the (SDNY), I would have subpoenaed directly to the exchange,” she told Blockworks in an interview.
In a statement to Blockworks, a Gemini spokesperson wrote: “As a regulated crypto exchange and custodian, Gemini complies with all applicable federal and state laws and regulations. Gemini cooperates with law enforcement and government agencies to curb illicit activity.”
Few mistakes
Ultimately, Ahmed’s seemingly clumsy usage of Tornado Cash, as well as his links to Huobi, could have acted as a smoking gun, giving the SDNY investigators a starting point from which tracking the money would have become significantly easier.
“I’m reading between the lines in this press statement, but it sounds like this individual made a few mistakes. It is often the case that hubris takes down even the best of us,” McGee said.
Indeed, the investigation conducted by the SDNY set a new benchmark in terms of its speed and sophistication. However, crypto-native analysts have been finding ways to track and pressure would-be exploiters for years — methods that law enforcement agencies are only just beginning to deploy.
“There’s just a lot of different ways to make a mistake and a hacker doesn’t even need to make many mistakes to get identified,” Bax said.
Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.
Explore the growing intersection between crypto, macroeconomics, policy and finance with Ben Strack, Casey Wagner and Felix Jauvin. Subscribe to the Forward Guidance newsletter.
Get alpha directly in your inbox with the 0xResearch newsletter — market highlights, charts, degen trade ideas, governance updates, and more.
The Lightspeed newsletter is all things Solana, in your inbox, every day. Subscribe to daily Solana news from Jack Kubinec and Jeff Albus.
