21-Year-Old Canadain Hacker Charged with $65M DeFi Heist

Andean Medjedovic, a 21-year-old Canadian, has been charged in connection with a high-profile $65 million heist involving decentralised finance (DeFi) platforms KyberSwap and Indexed Finance.

The charges, outlined in a Brooklyn federal court, include wire fraud, computer hacking, and attempted extortion.

Authorities have described the case as one of the most sophisticated cybercrimes in recent memory, taking advantage of vulnerabilities in crypto-based financial systems.

The announcement was made by John J. Durham, US Attorney for the Eastern District of New York, alongside officials from the Justice Department’s Criminal Division, IRS Criminal Investigation, FBI, and Homeland Security Investigations.

pic.twitter.com/jUYh7cNGKX
— US Attorney EDNY (@EDNYnews) February 3, 2025
a

Close to $49M Drained in KyberSwap Exploit

In November 2023, Medjedovic orchestrated a sophisticated attack on KyberSwap, a DeFi protocol that facilitates liquidity pools across various blockchains, including Ethereum and Arbitrum.

Exploiting a vulnerability in KyberSwap's automated market-making system, Medjedovic manipulated cryptocurrency transactions, artificially driving price fluctuations.

Through a series of strategic trades, he siphoned nearly $48.8 million from 77 liquidity pools spanning six blockchains.

Medjedovic then allegedly threatened KyberSwap's developers, investors, and decentralised autonomous organisation (DAO), demanding control of the platform in exchange for returning approximately half of the stolen funds.

To cover his tracks, he employed advanced crypto-laundering methods, utilising bridge protocols to move assets between blockchains and cryptocurrency mixers to obscure the origins of the stolen funds.

At one point, he even paid an undercover officer posing as a developer $80,000 to lift restrictions on a frozen $500,000 transaction.

The $16.5M DeFi Heist of Indexed Finance

Medjedovic’s involvement in cybercrime dates back to October 2021, when he targeted Indexed Finance, a DeFi protocol that manages pools of digital assets.

According to court documents, Medjedovic manipulated Indexed Finance’s re-indexing process, which adjusts liquidity pools when new tokens are added.

This manipulation distorted price calculations and enabled him to steal $16.5 million from investors.

He used borrowed cryptocurrency to artificially inflate values, then seized the assets once the prices were distorted.

Following the exploit, Medjedovic is believed to have partnered with an accomplice to launder the stolen funds.

They opened cryptocurrency exchange accounts using fraudulent identities and employed mixers to hide transaction trails.

Authorities later discovered a document titled “moneyMovementSystem,” which outlined his systematic approach to laundering large sums of money.