Hacker behind $9 million crypto exploit charged in New York
- The crypto hack took place over a Solana-based liquidity protocol in July 2022.
- The hacker was allowed to keep $1.6 million as a white hat bounty.
The U.S. Attorney for the Southern District of New York Damian Williams charged the hacker behind a $9 million exploit on 11 July.
Williams framed it as “the first-ever criminal case involving an attack on a smart contract operated by a decentralized cryptocurrency exchange.” He informed that the crypto attack was carried out in July 2022.
Homeland Security agent Chad Plantz said in a statement,
“Financial crime strikes at the core of our national and economic banking security. With an attack of this magnitude, it’s crucial we ensure continued consumer confidence in our financial system.”
The crypto hack took place over the Solana [SOL] based liquidity protocol Crema Finance in July 2022.
The hacker formerly worked as a security engineer at an international technology corporation. He allegedly exploited a smart contract bug to generate exorbitant costs for flash loans. As a result, he successfully stole $9 million in virtual assets from a decentralized Solana-based crypto exchange.
The hacker then withdrew these funds and laundered them through a series of a number of transfers on the blockchain in which he swapped cryptocurrencies. The funds were transferred across different blockchains, over different crypto exchanges.
Hacker kept $1.6 million as bounty but left trail
Most of the funds were returned but the hacker was allowed to keep $1.6 million as a white hat bounty. He also made a number of searches online, including “can I cross border with crypto,” “how to stop federal government from seizing assets” and “buying citizenship.”
The accused left a trail that law enforcement was able to follow due to the blockchain’s ability to track movements. A joint task force comprised of authorities and the US Attorney’s office followed the money.
The accused has been detained in New York and charged with wire fraud and money laundering in connection with the crypto attack. Each of these offences carries a potential jail sentence of 20 years maximum.