A Canadian hacker allegedly exploited vulnerabilities in two defi platforms, stealing $65 million and laundering funds through crypto mixers, prosecutors say. He remains at large.
DOJ Indicts Canadian Hacker for $65M Defi Exploit
The U.S. Department of Justice (DOJ) announced on Feb. 3 that a federal court in New York unsealed a five-count criminal indictment against Canadian citizen Andean Medjedovic, 22, for allegedly exploiting vulnerabilities in two decentralized finance (defi) protocols, Kyberswap and Indexed Finance, to steal approximately $65 million from investors.
According to court documents, Medjedovic manipulated smart contracts used in these defi platforms between 2021 and 2023, using deceptive trading tactics that tricked the protocols into falsely calculating key financial variables. As a result, he withdrew substantial sums at artificially generated prices, causing significant financial losses for investors. Additionally, prosecutors stated that he laundered the stolen funds through a network of transactions involving digital asset swaps, “bridging transactions,” and cryptocurrency “mixers” to obscure the origins and true ownership of the funds.
Federal officials emphasized their commitment to prosecuting financial crimes in emerging technologies. U.S. Attorney John J. Durham stated:
The defendant executed a highly sophisticated scheme to exploit two decentralized finance protocols and steal tens of millions of dollars’ worth of cryptocurrency from investors.
Authorities further allege that after executing the Kyberswap exploit in November 2023, Medjedovic attempted to extort the protocol’s developers and investors by offering a fraudulent settlement deal. He reportedly demanded full control of the Kyberswap platform and its governing decentralized autonomous organization (DAO) in exchange for returning only half of the stolen digital assets.
The indictment charges Medjedovic with wire fraud, unauthorized damage to a protected computer, attempted Hobbs Act extortion, money laundering conspiracy, and money laundering. If convicted, he faces a potential maximum sentence of 10 years for the computer damage charge and 20 years for each of the other four counts.
The case also received significant international assistance, including from the Netherlands’ Public Prosecution Service and Cybercrime Unit, and U.S. Customs and Border Protection. Medjedovic remains at large as authorities continue efforts to apprehend him.
Source: Bitcoin
