Tag Archive for: ExSecurity

Ex-Security Engineer Jailed 3 Years for $12.3 Million Crypto Exchange Thefts


Apr 13, 2024 | Newsroom | Cryptocurrency / Regulatory Compliance


A former security engineer has been sentenced to three years in prison in the U.S. for charges relating to hacking two decentralized cryptocurrency exchanges in July 2022 and stealing over $12.3 million.

Shakeeb Ahmed, the defendant in question, pled guilty to one count of computer fraud in December 2023 following his arrest in July.

“At the time of both attacks, Ahmed, a U.S. citizen, was a senior security engineer for an international technology company whose resume reflected skills in, among other things, reverse engineering smart contracts and blockchain audits, which are some of the specialized skills Ahmed used to execute the hacks,” the U.S. Department of Justice (DoJ) noted at the time.


While the name of the company was not disclosed, he was residing in Manhattan, New York, and working for Amazon before he was apprehended.

Court documents show that Ahmed exploited a security flaw in an unnamed cryptocurrency exchange’s smart contracts to insert “fake pricing data to fraudulently generate millions of dollars’ worth of inflated fees,” which he was able to withdraw.

Subsequently, he initiated contact with the company and agreed to return most of the funds except for $1.5 million if the exchange agreed not to alert law enforcement about the flash loan attack.

It’s worth noting that CoinDesk reported in early July 2022 that an unknown attacker returned more than $8 million worth of cryptocurrency to a Solana-based crypto exchange called Crema Finance, while keeping $1.68 million as a “white hat” bounty.

Ahmed has also been accused of carrying out an attack on a second decentralized cryptocurrency exchange called Nirvana Finance, siphoning $3.6 million in the process, ultimately leading to its shutdown.

“Ahmed used an exploit he discovered in Nirvana’s smart contracts to allow him to purchase cryptocurrency from Nirvana at a lower price than the contract was designed to allow,” the DoJ said.


“He then immediately resold that cryptocurrency to Nirvana at a higher price. Nirvana offered Ahmed a ‘bug bounty’ of as much as $600,000 to return the stolen funds, but Ahmed instead demanded $1.4 million, did not reach…


Ex-security head alleges Twitter misled regulators


STORY: Shares of Twitter dropped sharply on Tuesday after the revelation of an explosive whistleblower complaint alleging the social media company misled federal regulators about its defenses against hackers and spam accounts.

The disclosures come from Twitter’s former security chief Peiter Zatko, a famed hacker more widely known as “Mudge,” who has testified before Congress about the vulnerabilities of the internet in the past.

“If you’re looking for computer security, then the internet is not the place to be.”

Zatko, seen here in an interview with Reuters at the 2019 Black Hat cybersecurity conference, filed an 84-page complaint last month with multiple government agencies, alleging that Twitter falsely claimed it had a solid security plan and said he had warned colleagues that half the company’s servers were running out-of-date and vulnerable software.

The complaint, which was first reported by the Washington Post and CNN, was also sent to congressional committees.

A Twitter spokesperson said on Tuesday that Zatko was fired in January for “ineffective leadership and poor performance” less than two years after then-CEO Jack Dorsey appointed him to the role, and said his complaint was designed to capture attention and inflict harm on Twitter.

The whistleblower complaint comes at a rough time for the social platform, as it’s embroiled in a legal battle with Elon Musk after he said in July he was ending an agreement to buy the company, alleging Twitter had violated the terms of the deal.

The world’s richest person has accused Twitter of hiding information about how it calculates the percentage of bots on the service.

The whistleblower complaint alleges Twitter prioritized user growth over reducing spam, offering executives massive bonuses for increases in daily users and nothing explicitly for cutting spam.

CNN reported that Musk’s legal team has subpoenaed Zatko, after the whistleblower disclosure was made public. The Tesla CEO could not be reached for comment.


Facebook’s Ex-Security Chief Details His ‘Observatory’ for Internet Abuse – WIRED


When Alex Stamos describes the challenge of studying the worst problems of mass-scale bad behavior on the internet, he compares it to astronomy. To chart the …
