Sunday, February 9, 2025
HomecryptocurrencyCanadian National Charged with Stealing $65 Million in Crypto

Canadian National Charged with Stealing $65 Million in Crypto

Published on

SIEM as a Service

Follow Us on Google News

A Canadian man has been charged with exploiting decentralized finance (DeFi) protocols to steal approximately $65 million from unsuspecting investors.

 A five-count criminal indictment, unsealed today in a federal court in New York, accuses 22-year-old Andean Medjedovic of targeting vulnerabilities in automated smart contracts used by two prominent DeFi platforms: KyberSwap and Indexed Finance.

Alleged Exploits and Fraudulent Activity

According to court documents, Medjedovic’s scheme carried out between 2021 and 2023, involved borrowing hundreds of millions in digital tokens and leveraging deceptive trading strategies.

These trades manipulated the smart contracts’ algorithms, causing them to miscalculate crucial variables and enabling Medjedovic to withdraw investor funds at artificially inflated prices. The resulting losses rendered many of the victims’ investments worthless.

In addition to the alleged theft, Medjedovic is accused of laundering the stolen funds through complex transactions to obscure their origins.

These efforts reportedly included swap transactions, bridging assets across multiple blockchains, and using a cryptocurrency “mixer” to anonymize the stolen funds. Prosecutors also allege that Medjedovic opened exchange accounts under false identities to further disguise his activities.

Extortion Attempt

In November 2023, Medjedovic allegedly escalated his fraudulent activity with an extortion attempt.

Following the exploit of KyberSwap, he proposed a fraudulent settlement, demanding full control of the KyberSwap protocol and its decentralized autonomous organization (DAO) as a condition to return half of the stolen assets.

Medjedovic faces five federal charges, including:

  • Wire fraud
  • Unauthorized damage to a protected computer
  • Attempted Hobbs Act extortion
  • Money laundering conspiracy
  • Money laundering

Each charge carries severe penalties, with up to 20 years in prison for the most serious counts and 10 years for unauthorized computer damage. A federal district court judge will ultimately determine Medjedovic’s sentence, considering the U.S. Sentencing Guidelines.

The case was investigated by the IRS Criminal Investigation (IRS-CI), Homeland Security Investigations (HSI), the FBI, and U.S. Customs and Border Protection, with support from international partners, including the Netherlands’ Public Prosecution Service and Dutch Cybercrime Unit.

“This case underscores the Justice Department’s commitment to holding individuals accountable, no matter how sophisticated their schemes,” said Antoinette T. Bacon, Supervisory Official at the DOJ’s Criminal Division.

Assistant U.S. Attorneys Nicholas Axelrod and Andrew Reich, along with the DOJ’s National Cryptocurrency Enforcement Team (NCET), are leading the prosecution.

While the charges are serious, it is important to note that an indictment is merely an allegation. Medjedovic is presumed innocent until proven guilty in a court of law.

The case highlights the risks associated with DeFi platforms and the ongoing efforts of law enforcement to combat cryptocurrency-related crimes.

Investors are reminded to exercise caution in navigating the complex and evolving crypto landscape.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

UK Pressures Apple to Create Global Backdoor To Spy on Encrypted iCloud Access

United Kingdom has reportedly ordered Apple to create a backdoor allowing access to all...

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is...

Cybercriminals Target IIS Servers to Spread BadIIS Malware

A recent wave of cyberattacks has revealed the exploitation of Microsoft Internet Information Services...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

UK Pressures Apple to Create Global Backdoor To Spy on Encrypted iCloud Access

United Kingdom has reportedly ordered Apple to create a backdoor allowing access to all...

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is...