Following the money: How the SDNY caught the Crema hacker

While sophisticated analytics may have played a part, the exploiter seemingly made simple mistakes

by Andrew Thurman /
article-image

FOTOKITA/Shutterstock modified by Blockworks

share

In what has been touted as a historic first, attorneys for the Southern District of New York revealed on Tuesday, July 11, the filing of charges against Shakeeb Ahmed. The SDNY alleges that Ahmed embezzled $9 million from a DeFi protocol based on Solana back in July 2022.

A tweet from the official SDNY account claimed the charges represented the “first-ever criminal case involving an attack on a smart contract.” Additionally, in a press release IRS-CI Special Agent Tyler Hatcher bragged about the sophistication of the investigation, saying Ahmed’s “skills were no match for IRS Criminal Investigation’s Cyber Crimes Unit.”

However, blockchain analysis shows that a number of possible missteps from the hacker indicates that the SDNY may have had an easier time apprehending the hacker than their PR tour implies. 

On July 2, 2022, a hacker was able to take $9 million in a flash loan exploit on Solana’s Crema Finance, a decentralized exchange. After a period of negotiations, the hacker returned the majority of the funds on July 7. As part of the arrangement — which is not uncommon between teams and hackers — the attacker was allowed to retain ownership of assets valued at $1.6 million as a “bounty.”

While the SDNY did not specify in either the announcement or the criminal complaint which protocol was the target of the exploit, the dates, method of attack, and both the amounts stolen and the amounts eventually returned point to Crema. 

Multiple Crema developers did not respond to requests for comment. In an official Telegram channel, a team member said the team was “still investigating” whether or not the project would be able to recover the remaining funds potentially seized by law enforcement from Ahmed, implicitly confirming Crema as the unnamed protocol. 

The exploiter later attempted to launder the remaining funds using a variety of privacy-preserving tools, including Tornado Cash and Monero — tools that the SDNY now claim to have rendered ineffective. 

Advanced analytics

The announcement of charges was notable in part for the expeditiousness of the investigation. The SDNY missed a one-year turnaround time from the end of negotiations between Crema and the exploiter by just a matter of days, far cry from the three-to-four-year turnaround the SEC took to pursue certain 2017-era ICO scams.

Aside from speed, however, the SDNY’s PR materials notably hung their hat on the analytical expertise of the investigation. 

In a video accompanying the announcement of charges, SDNY Attorney Damian Williams boasted about the district’s ability to track Ahmed’s movements across blockchains:

“We also allege that he then laundered the stolen funds through a series of complex transfers on the blockchain where he swapped cryptocurrencies, hopped across different crypto blockchains, and used overseas crypto exchanges.  But none of those actions covered the defendant’s tracks or fooled law enforcement, and they certainly didn’t stop my Office or our law enforcement partners from following the money.”

While anyone with access to a block explorer can track movements between addresses and often even between different blockchains with minimal expertise, according to forensics consulting firm Five I’s founder Nick Bax, the Monero tracking would require genuine investigative chops. 

Monero, a blockchain built to enable privacy-preserving transactions, allows for “probabilistic” inferences that can theoretically allow investigators to track funds, but in practice, tracing these transactions is often complex. 

As an example Bax pointed to Daube v. United States, another case that involved tracing Monero transactions. In that instance, investigators required additional identifying data to bolster their Monero-based work. 

“Normally an investigator will need internal data from centralized services such as exchanges to learn more information about who received the Monero being spent on-chain,” Bax said. 

On-ramps and off-ramps

Given the complexity of tracking the funds through Monero, it’s much more likely that the SDNY managed to catch Ahmed during on-ramping (converting fiat to crypto) rather than off-ramping (selling Monero for fiat to complete the laundering process). 

Indeed, blockchain analysis from Blockworks, as well as multiple analysts at the time of the exploit, indicates that Ahmed may have made key blunders while funding the wallets from which he launched his attack. 

First, analysis from SolanaFM at the time of the attack found that the attacker interacted with either Huobi exchange addresses, or nested exchange addresses associated with Huobi. 

Additionally, just days after the exploit, pseudonymous on-chain analyst ZachXBT called attention to a pair of suspiciously-timed Tornado Cash transactions, leading to addresses linked to the attack. 

Tornado Cash, a privacy-preserving protocol colloquially referred to as a “mixer,” is designed to allow users to cover their tracks on an otherwise public and highly traceable ledger. However, the effectiveness of the service relies on users keeping their deposits in the contracts for extended durations. Deposits made directly in and out can be interconnected, particularly when there are multiple deposits of identical amounts involved. In this instance, a user initially funded by the crypto exchange Gemini made deposits into both the 1 ETH set and the 10 ETH set, followed by withdrawals from the same sets a few hours later.

If it is determined that the suspiciously-timed deposits and withdrawals to Tornado were made by Ahmed, or, if the nature of the Huobi account suggests so, it would directly link those blockchain addresses to a trove of easily obtained know-your-customer (KYC) information.

Gemini in particular is regulated under New York state laws, and it could have been legally compelled to hand identifying information to the investigators, according to Kathleen McGee, a partner in the Tech Group at law firm Lowenstein Sandler. 

“If I was the (SDNY), I would have subpoenaed directly to the exchange,” she told Blockworks in an interview.

In a statement to Blockworks, a Gemini spokesperson wrote: “As a regulated crypto exchange and custodian, Gemini complies with all applicable federal and state laws and regulations. Gemini cooperates with law enforcement and government agencies to curb illicit activity.”

Few mistakes

Ultimately, Ahmed’s seemingly clumsy usage of Tornado Cash, as well as his links to Huobi, could have acted as a smoking gun, giving the SDNY investigators a starting point from which tracking the money would have become significantly easier.

“I’m reading between the lines in this press statement, but it sounds like this individual made a few mistakes. It is often the case that hubris takes down even the best of us,” McGee said. 

Indeed, the investigation conducted by the SDNY set a new benchmark in terms of its speed and sophistication. However, crypto-native analysts have been finding ways to track and pressure would-be exploiters for years — methods that law enforcement agencies are only just beginning to deploy.

“There’s just a lot of different ways to make a mistake and a hacker doesn’t even need to make many mistakes to get identified,” Bax said.

Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.

Tags

Upcoming Events

Permissionless III

Salt Lake City, UT

WED - FRI, OCTOBER 9 - 11, 2024

Pack your bags, anon — we’re heading west! Join us in the beautiful Salt Lake City for the third installment of Permissionless. Come for the alpha, stay for the fresh air. Permissionless III promises unforgettable panels, killer networking opportunities, and mountains […]

learn more

recent research

Research report HL cover.jpg

Research

Hyperliquid Deep Dive: The Future of Perp DEXs

It's increasingly apparent that orderbooks represent the most efficient model for perpetual trading, with the primary obstacle being that the most popular blockchains are ill-suited for hosting a fully onchain orderbook. Hyperliquid is a perpetual trading protocol built on its own L1 that aims to replicate the user experience of centralized exchanges while offering a fully onchain orderbook.

by Carolina

/

news

article-image

Web3

Empire Newsletter: Unpacking the Consensys legal salvo

Consensys filed a lawsuit against the SEC in a Texas court on Thursday

by Michael McSweeney&Casey Wagner&David Canellis&Katherine Ross /
article-image

Business

A bitcoin mining giant is ahead of schedule on its post-halving expansion

Marathon Digital’s hash rate target of 50 EH/s by the end of 2025 may be achieved a year sooner than expected, CEO says

by Ben Strack /
article-image

DeFi

Algorand courts Python devs in ‘seismic change’

The Algorand Foundation touts the network as first to go after pool of 10 million global developers

by Macauley Peterson /
article-image

DeFi

MapMetrics ditches Solana blockchain for peaq

Drive-to-earn DePIN project MapMetrics will slowly transition to the peaq blockchain

by Bessie Liu /
article-image

Policy

SEC seeks to regulate ETH as a security, Consensys alleges in lawsuit

The suit, filed in a Texas court, alleges a regulatory overreach by the SEC

by Katherine Ross /
article-image

Business

Stripe to bring back crypto payments in the next few months

This is the first crypto-centric announcement from Stripe since May of last year

by Katherine Ross /