A Canadian man has been charged with exploiting decentralized finance (DeFi) protocols to steal approximately $65 million from unsuspecting investors.
A five-count criminal indictment, unsealed today in a federal court in New York, accuses 22-year-old Andean Medjedovic of targeting vulnerabilities in automated smart contracts used by two prominent DeFi platforms: KyberSwap and Indexed Finance.
According to court documents, Medjedovic’s scheme carried out between 2021 and 2023, involved borrowing hundreds of millions in digital tokens and leveraging deceptive trading strategies.
These trades manipulated the smart contracts’ algorithms, causing them to miscalculate crucial variables and enabling Medjedovic to withdraw investor funds at artificially inflated prices. The resulting losses rendered many of the victims’ investments worthless.
In addition to the alleged theft, Medjedovic is accused of laundering the stolen funds through complex transactions to obscure their origins.
These efforts reportedly included swap transactions, bridging assets across multiple blockchains, and using a cryptocurrency “mixer” to anonymize the stolen funds. Prosecutors also allege that Medjedovic opened exchange accounts under false identities to further disguise his activities.
In November 2023, Medjedovic allegedly escalated his fraudulent activity with an extortion attempt.
Following the exploit of KyberSwap, he proposed a fraudulent settlement, demanding full control of the KyberSwap protocol and its decentralized autonomous organization (DAO) as a condition to return half of the stolen assets.
Medjedovic faces five federal charges, including:
Each charge carries severe penalties, with up to 20 years in prison for the most serious counts and 10 years for unauthorized computer damage. A federal district court judge will ultimately determine Medjedovic’s sentence, considering the U.S. Sentencing Guidelines.
The case was investigated by the IRS Criminal Investigation (IRS-CI), Homeland Security Investigations (HSI), the FBI, and U.S. Customs and Border Protection, with support from international partners, including the Netherlands’ Public Prosecution Service and Dutch Cybercrime Unit.
“This case underscores the Justice Department’s commitment to holding individuals accountable, no matter how sophisticated their schemes,” said Antoinette T. Bacon, Supervisory Official at the DOJ’s Criminal Division.
Assistant U.S. Attorneys Nicholas Axelrod and Andrew Reich, along with the DOJ’s National Cryptocurrency Enforcement Team (NCET), are leading the prosecution.
While the charges are serious, it is important to note that an indictment is merely an allegation. Medjedovic is presumed innocent until proven guilty in a court of law.
The case highlights the risks associated with DeFi platforms and the ongoing efforts of law enforcement to combat cryptocurrency-related crimes.
Investors are reminded to exercise caution in navigating the complex and evolving crypto landscape.
Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free
Secure Ideas, a premier provider of penetration testing and security consulting services, proudly announces its…
Symantec has recently identified a sophisticated phishing campaign targeting users of Monex Securities (マネックス証券), a…
In a concerning development, CERT-UA, Ukraine's Computer Emergency Response Team, has reported a series of…
Hunters International, a ransomware group suspected to be a rebrand of the infamous Hive ransomware,…
In a recent cyberattack attributed to the Qilin ransomware group, threat actors successfully compromised a…
A newly uncovered cyber-espionage campaign, dubbed Operation HollowQuill, has been identified as targeting academic, governmental,…
