Federal prosecutors in the United States are formally charging Andean Medjedovic, accusing him of multiple offenses, including wire fraud, computer hacking, and attempted extortion. The charges stem from his alleged attacks on two DeFi platforms: KyberSwap and Indexed Finance.
According to reports, Medjedovic used “deceptive trades” to exploit vulnerabilities in these protocols to steal a total of $65 million from the two platforms.
Medjedovic remains at large, with outstanding warrants in both the US and Canada. In 2021, he failed to appear in court regarding the Indexed Finance hack. But who is he?
A math whiz who showed his intellectual prowess from a very young age
Medjedovic displayed extraordinary academic talent from a young age. At just 14 years old, he graduated high school in Waterloo, Canada, and enrolled at the University of Waterloo, an institution renowned for its mathematics program.
By the age of 17, Medjedovic had already completed his undergraduate degree in mathematics and proceeded directly to a master’s program. Within a year, he presented his thesis and was reportedly preparing for PhD applications.
During his academic years, Medjedovic was also an active participant in Code4rena, a security competition where he won multiple prizes for identifying vulnerabilities in various systems. It was also during this time that he became deeply involved in DeFi, particularly in researching automated market makers (AMMs).
Medjedovic tries his theory on Indexed Finance
In October 2021, Medjedovic conducted his first hack, targeting the DeFi platform Indexed Finance. He artificially manipulated its liquidity pool, using millions of dollars of borrowed tokens to distort the platform's smart contract reindexing process, by which it added new tokens to liquidity pools.
It was reported that Medjedovic first noticed this vulnerability after reading about Indexed Finance on a forum and realised that there was a way to get around limits on trades in the pools.
According to the Bloomberg article, Medjedovic didn't believe it at first, but after running the calculations a few times and seeing that the hack was possible, he reportedly spent the next few months writing a script to execute it.
In the end, he managed to escape with $16.5 million in investors' tokens from the liquidity pools.
But law enforcement quickly caught up to him and issued an order to freeze all of his tokens, along with a civil search-and-seizure warrant that would allow authorities to search Medjedovic's belongings and residence.
But by then, Medjedovic had already gone into hiding.
Medjedovic's second hack
Then in 2023, KyberSwap was also compromised, and the method of the hack was oddly familiar. According to the documents, the hacker pumped in hundreds of millions of dollars in crypto to manipulate the prices of the liquidity pools.
The hacker then exploited KyberSwap's AMMs and pumped in just the right amount of tokens for the system to glitch. Using this method, the hacker managed to get his hands on nearly $49 million in investor crypto.
But the hacker was far from done. After stealing the money, the hacker apparently attempted to extort the developers of the protocol.
He promised to return all the stolen funds in exchange for complete control of critical aspects of the protocol, including the company, temporary full authority and ownership of its governance mechanism, all documents related to the company, and all of the Kyber company's assets.
But how did they realise that this was also the work of Medjedovic?
"Code Is Law" rebuttal rejected by the Canadian courts
Apparently, local authorities didn't initially realise that the hacker behind the KyberSwap hack was Medjedovic. But it was his own hubris and arrogance that led the police to trace it back to him.
While tracing the hack, police officers found a peculiarity in the code: the use of the figure "1488", a neo-Nazi shorthand. The hacker's code was also peppered with various instances of racist slurs, according to Bloomberg reports.
Apparently, police officers also managed to trace his username to his school handle, ultimately leading them to him.
To this day, Medjedovic thinks that he has done nothing wrong, citing the principle that "code is law." In his statement, Medjedovic reportedly said that Indexed Finance was out-traded and that code is law. But Canadian Superior Court Justice Fred Myers disagreed.
Now US prosecutors are pressing charges against Medjedovic. With Medjedovic remaining at large, it is uncertain if or when he will face trial.
However, the DOJ has confirmed that US authorities are coordinating with international law enforcement agencies, including the Netherlands’ Public Prosecution Service and the Dutch National Police’s Cybercrime Unit in The Hague.