Nirvana hacker sentenced to 3 years after pleading guilty

Shakeeb Ahmed was tied to two hacks, and the DOJ first filed an indictment against him in July of last year

April 12, 2024 11:52 am

Artwork by Crystal Le

Shakeeb Ahmed, the hacker behind the 2022 Nirvana exploit, a flash loan attack, was sentenced to three years on Friday.

The Department of Justice announced the sentencing, which marks the first time someone has been convicted for hacking a smart contract.

“No matter how novel or sophisticated the hack, this Office and our law enforcement partners are committed to following the money and bringing hackers to justice,” US attorney Damian Williams said in a statement. “And as today’s sentence shows, time in prison — and forfeiture of all the stolen crypto — is the inevitable consequence of such destructive hacks.”

Ahmed pleaded guilty to the DOJ’s charges in December of last year. At the time, he forfeited $12.3 million, with roughly $6 million of that in crypto.

Ahmed, in addition to the forfeiture, was ordered to “pay restitution to the Crypto Exchange and Nirvana in the amount of over $5 million,” Friday’s release said.

The charges against Ahmed were first brought in July of 2023. However, they only linked him to the hack of one exchange. He was later found to have launched a multi-million dollar hack on another exchange.

Blockworks previously reported that the references matched the Crema Finance hack in July 2022. The DOJ still hasn’t publicly released the second exchange’s name.

According to the DOJ’s release, Ahmed – in addition to his prison term — will also face three years of supervised release.

The original indictment filed against Ahmed revealed that he attempted to utilize Google in the hopes of evading the authorities.

Ahmed allegedly searched “defi hack” and “how to stop federal government from seizing assets” on Google following the exploits.

At the time, Nirvana attempted to offer Ahmed a bug bounty of $600,000 to return the funds, but Ahmed — after demanding $1.4 million — didn’t reach an agreement with the team.

Get the news in your inbox. Explore Blockworks newsletters:

The Breakdown: Decoding crypto and the markets. Daily.
Empire: Crypto news and analysis to start your day.
Forward Guidance: The intersection of crypto, macro and policy.
0xResearch: Alpha directly in your inbox.
Lightspeed: All things Solana.
The Drop: Apps, games, memes and more.
Supply Shock: Bitcoin, bitcoin, bitcoin.

Tags

Newsletter

The Breakdown

Decoding crypto and the markets. Daily, with Byron Gilliam.

Upcoming Events

Digital Asset Summit 2025

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

buy tickets learn more

Permissionless IV

Industry City | Brooklyn, NY

TUES - THURS, JUNE 24 - 26, 2025

Permissionless IV serves as the definitive gathering for crypto’s technical founders, developers, and builders to come together and create the future.If you’re ready to shape the future of crypto, Permissionless IV is where it happens.

buy tickets learn more

Permissionless IV Hackathon

Brooklyn, NY

SUN - MON, JUN. 22 - 23, 2025

🚀 Build What’s Next — Permissionless IV Hackathon Join us June 22–23 in Brooklyn for the Permissionless IV Hackathon — a 36-hour sprint hosted by Cracked Labs and Blockworks where top builders turn ideas into real products. Come to launch, not just […]

learn more

recent research

Research

Kamino V2: A New Growth Lever

Kamino has evolved into a full-stack asset scaling suite with V2: unlocking new markets, improving capital efficiency, and catering to various risk profiles. We believe it is best positioned to become the credit backbone of Solana as the ecosystem matures. Simply put, KMNO remains our highest-conviction bet in the Solana ecosystem. This report lays out our thesis.

by Carlos Gonzalez Campo

news

Breaking headlines across our core coverage categories.