World’s First Case Is Profiting from Hacking Exchange Smart Contracts Considered Fraud?

On July 11, 2023, the U.S. Department of Justice issued a press release claiming that criminal charges will be brought in a case of a hacker attacking a virtual asset exchange. According to the press release, Damian Williams, the U.S. Attorney for the Southern District of New York, along with law enforcement agencies such as the U.S. Department of Homeland Security and the Internal Revenue Service, conducted a detailed investigation and obtained evidence in the case. The defendant, Shakeeb Ahmed (referred to as Mr. A), is charged with “wire fraud” and “money laundering”. Mr. A was arrested in the state of New York on the morning of July 11, local time.

Notably, this case is the first global case where a hacker is charged with “wire fraud” after profiting from attacking a virtual currency exchange. The Sa Team believes that if the defendant (the hacker) is ultimately found guilty of telecommunications fraud-related crimes, it could set a dangerous and fascinating legal precedent – machines or programs can also be deceived.

01  Explaining the USA Vs. SHAKEEB AHMED case

In July 2022, the defendant Mr. A, a U.S. citizen residing in Manhattan, New York, planned and executed a network attack against a smart contract of a virtual currency exchange. Mr. A gained approximately $9 million worth of virtual currency from this network attack.

Specifically, Mr. A’s method of attacking the virtual currency exchange was very unique. The attacked exchange is an overseas decentralized virtual currency exchange established and operated on the Solana chain through smart contracts, also known as an “automated market maker”. The biggest difference between this automated market maker and platforms like Binance is that it does not require human involvement or minimal maintenance work. It can operate continuously on the chain based on smart contracts, providing users with virtual currency exchange or other specific services.

As a senior security engineer at an international blockchain technology company, Mr. A has rich knowledge in blockchain and smart contracts and is familiar with smart contract and blockchain auditing. He used his technical expertise to discover major vulnerabilities in the smart contract of the virtual currency exchange and “deceived” the smart contract by tampering with the data. This caused the smart contract to mistakenly transfer the assets of the exchange and other users in the exchange’s liquidity pool to Mr. A. Mr. A’s specific actions were very professional and complex. To help everyone understand better, the Sa Team will give an analogy that may not be entirely appropriate: Mr. A’s behavior is similar to someone using loopholes and false fund flows in a bank system program to deceive the bank system, making the system “mistakenly believe” that his account has a deposit of 100 billion dollars, and based on this, the system settles interest for the account holder (even if the interest rate is low, as long as the deposit base is large enough, the interest amount will be enormous). What Mr. A deceived is equivalent to this “interest”.

Later, Mr. A quickly “laundered” the approximately $9 million in virtual currency he obtained through fraudulent cryptocurrency exchanges through a series of operations:

(1) Trading the fraudulently obtained virtual currency on other trading platforms;

(2) Exchanging the traded tokens for Ethereum tokens through cross-chain transactions;

(3) Exchanging the Ethereum tokens for more untraceable Monero coins;

(4) Trading and exchanging Monero coins using overseas cryptocurrency exchanges.

The Saje team believes that Mr. A has used almost all the money laundering methods that an ordinary person can use to conceal and transfer his criminal proceeds, except for not using mixers and NFTs. However, due to the early discovery of the smart contract vulnerability, Mr. A failed to successfully transfer the assets involved. After the incident, Mr. A had negotiations with the cryptocurrency exchange and was willing to return most of the proceeds of the crime (while requesting to keep $1.5 million) in exchange for the exchange not reporting the matter to law enforcement agencies.

02. Can smart contracts be the subject of fraud crimes?

Under US law, wire fraud refers to a crime where a person uses some form of telecommunications or the internet to commit fraud and deceive others of their property. Specifically, wire fraud requires the perpetrator to use methods such as telephone, fax, email, text messages, the internet, or social media to commit fraud and deceive victims of their property. Section 941.18 U.S.C. 1343 of the Justice Criminal Resource Manual clearly defines the key elements of wire fraud:

(1) The defendant voluntarily and intentionally designed or participated in a scheme to defraud others of money;

(2) The defendant did so with fraudulent intent;

(3) It can reasonably be foreseen that interstate wire communication will be used;

(4) Interstate wire communication was actually used.

Wire fraud is a federal crime and, if convicted, can result in a maximum sentence of 20 years imprisonment and a fine of $250,000. The fine amount can be doubled for corporations or illegal organizations, up to a maximum of $500,000. It is worth noting that, like in China, the victims of wire fraud in the United States have always been individuals, corporations, or illegal organizations. There has never been a case where a machine or program has been convicted of wire fraud, which is why the SHAKEEB AHMED case is noteworthy.

So, can smart contracts be the subject of fraud crimes? This question has actually been discussed and controversial for a long time.

Scholars who hold a negative view believe that only individuals or legal entities composed of individuals can be the subject of fraud crimes. Pure machines or programs cannot be “deceived”. These scholars cite criminal law theories and believe that machines operate based on pre-set conditions and produce corresponding results based on different input data. Therefore, machines cannot “make cognitive errors” and there is no possibility of being deceived. For example, Zheng Yang, a postdoctoral scholar at Beijing Institute of Technology, believes that the notion that “machines can be deceived” cannot withstand scrutiny. If artificial intelligence or other machines are classified as the subject of fraud crimes, it would transcend the current level of development of artificial intelligence, violate the pure tool attribute of artificial intelligence, and confuse the “deception” in fraud crimes with the “deception” in everyday life.

However, some scholars believe that although machines cannot be deceived, “robots” can be deceived because the target of deception is actually the person behind the machine, and machines can be seen as an extension of human consciousness. For example, Professor Liu Xianquan from East China University of Political Science and Law believes that just because “machines cannot be deceived” is considered common knowledge in some criminal law theories, it does not necessarily mean that our criminal law cannot classify acts of deceiving machines as fraud crimes. This viewpoint treats the result as an argument.

In fact, the conclusion that “machines cannot be deceived” is based on the premise that “the meaning of deception lies in causing the other party to have a mistaken understanding of the facts”. If the object of deception does not have the ability to think, it is impossible for them to have an understanding of the facts, and therefore there is no such thing as a “correct understanding” or “wrong understanding”. Therefore, this theory believes that the object of deception is limited to “humans” or “organizations” composed of humans.

However, with the rapid development of artificial intelligence, this basic understanding and consensus in criminal law is gradually being seriously challenged, and whether machines can be the target of deception will become a focus of debate among legal scholars in the future.

03. If this case occurred in China, what kind of crime would it constitute?

If this controversial case occurred in China, the suspect may be involved in three types of crimes: (1) fraud; (2) theft; (3) cybercrime.

(1) Fraud

According to China’s Criminal Law, for the crime of fraud, the suspect needs to have the purpose of illegal possession, commit fraudulent behavior, make the victim fall into a mistaken understanding, and voluntarily dispose of property to benefit the suspect. Based on common understanding and a large number of judicial practices, the object of fraud crimes in China is still mainly limited to natural persons or legal entities composed of individuals. However, in recent years, due to the rapid development of artificial intelligence and online payments, there have also been precedents that have to some extent exceeded the restrictions on the object of fraud crimes.

For example, the widely publicized case of college students taking advantage of the vulnerabilities in the self-ordering machines and app of a popular fast-food chain, KFC. In this case, the individuals exploited the loopholes in the KFC self-ordering machines and app. After purchasing KFC combo vouchers, they simultaneously logged into the same account from multiple client devices. While one client was in the process of ordering and waiting for payment, another client requested a refund for the voucher, successfully obtaining a free meal. The individuals involved also sold the KFC combo redemption codes obtained through this loophole on a second-hand trading platform for illegal profits at a certain seafood market.

In this case, the individuals took advantage of the discrepancy between the KFC app client and a certain social platform client’s ordering system data. By initiating fraudulent transactions and subsequently requesting refunds, they created an “information gap” that caused errors in the ordering process, enabling them to profit illegally. The suspects in this case were convicted and punished for fraud by the court. Although this case is an individual one, and China is not a country with a case law system, it can be observed from this case that as long as it complies with legal provisions, the judicial authorities in China do not actually exclude the possibility of expanding the scope of fraud offenses within a legal and reasonable range (of course, this has also caused a lot of controversy). In other words, if the SHAKEEB AHMED case had occurred in China, there would also be a certain probability of convicting and punishing the suspect for fraud.

(II) Theft or Cybercrime

Theft and cybercrime are old acquaintances of the cryptocurrency community. During the era of the gradual popularization of concepts like Bitcoin and other virtual currencies around 2017, and the proliferation of initial coin offerings (ICOs), acts of theft and deception involving others’ virtual currencies were rampant. In judicial practice, two approaches emerged for dealing with such cases: treating them as theft or as cybercrimes (such as illegal acquisition of computer information system data or destruction of computer information systems).

At the time, many cases of theft or the misappropriation of virtual currencies were treated as cybercrimes in judicial practice. This was mainly because the legal nature of virtual currencies was unclear at that time, and courts were hesitant to treat them as property.

For example, in the case of Tian illegally acquiring computer information system data [(2020) Ji 1102 Criminal Preliminary No. 500], in August 2019, the victim, Liu, intended to invest in “Bitcoin” and was introduced to the defendant, Tian, by a friend who had invested in “Tether.” That month, Tian helped Liu invest more than 2.57 million yuan in purchasing 35 “Bitcoins” and downloaded the “Bityuan Wallet” and “Imtohen Wallet” on Liu’s phone for storing the “Bitcoins.” During this process, Tian obtained the 12 English mnemonic words and login password for opening the aforementioned wallets. In October 2019, Tian, using the mnemonic words and login password, instructed a netizen surnamed Liu to enter the computer system and transfer the 35 “Bitcoins” from Liu’s “wallet” to Tian’s “Bityuan Wallet,” and sold 9 of them for personal consumption.

The court believes that the defendant, Mr. Tian, violated national regulations by illegally intruding into someone else’s computer information system and obtaining data stored in that information system. The circumstances are particularly serious, and his behavior constitutes the crime of illegally obtaining data from a computer information system.

In the SHAKEEB AHMED case, the suspect, Mr. A, essentially carried out a cyber attack. Although this caused the smart contract to fall into error, if we look at the behavior itself, attacking the smart contract is an illegal intrusion into a computer information system, illegal acquisition of computer data, and hacking behavior that damages the computer information system. Therefore, the SHAKEEB team believes that it is appropriate to convict and punish him for information network crimes. It may even constitute an imagined concurrent offense with the aforementioned fraud crime, resulting in a conviction for multiple crimes. As for the theft crime, the SHAKEEB team believes that the act of obtaining virtual currency is achieved through “deception” of the smart contract. If it is convicted as theft, it would violate the principle of criminal law.

04. Final Thoughts

With the development of AI technology and the increasing prevalence of human-machine interaction, law, as a form of superstructure (social norms), will inevitably evolve with the development of technology. Therefore, in the era of strong artificial intelligence, it is not impossible to break through the criminal object of fraud.

At the same time, the SHAKEEB team has a saying: Traditional legal theory has always been influenced by pure instrumentalism, and the view that machines and programs cannot “think” and therefore cannot generate “knowledge” is being challenged with the development of AI technology. As legal practitioners and researchers in the new era, we should approach problems and solve them with an inclusive and progressive mindset. After all, history has proven that those who work in isolation and cling to old ways will never surpass those who open their eyes to the world.

Like what you're reading? Subscribe to our top stories.

We will continue to update Gambling Chain; if you have any questions or suggestions, please contact us!

Follow us on Twitter, Facebook, YouTube, and TikTok.


Was this article helpful?

93 out of 132 found this helpful

Gambling Chain Logo
Digital Asset Investment
Real world, Metaverse and Network.
Build Daos that bring Decentralized finance to more and more persons Who love Web3.
Website and other Media Daos

Products used

GC Wallet

Send targeted currencies to the right people at the right time.