Shakeeb Ahmed, a former security engineer at Amazon, has been sentenced to three years in prison for his involvement in hacking two decentralized cryptocurrency exchanges, leading to the theft of digital assets worth over $12 million.

According to court documents, Ahmed took advantage of vulnerabilities in blockchain contracts to carry out theft. He used sophisticated schemes to manipulate pricing data and exploit flaws in smart contracts. Specifically, he targeted Cream Finance and Nirvana Finance, making away with $9 million and $3.6 million, respectively.

Ahmed disguised his hacks as vulnerability research and even attempted to negotiate the return of stolen funds in exchange for substantial “bug bounties.” However, Nirvana Finance ceased operations when negotiations failed to reach an agreement on the return of its assets.

Ahmed utilized elaborate laundering techniques to conceal the origins and ownership of the stolen cryptocurrency, including token-swap transactions, bridging fraud proceeds between different blockchains, and converting funds into Monero, an anonymized cryptocurrency designed to be untraceable.

In addition to the three-year prison term, Ahmed, 34, was sentenced to three years of supervised release. He was also ordered to forfeit approximately $12.3 million, along with a significant quantity of cryptocurrency. Moreover, Ahmed has been mandated to pay restitution to both Cream Finance and Nirvana Finance, totaling over $5 million.