US Uncovers Hacker Who Attacked KyberSwap and Indexed Finance

GhSo...taPv

4 Feb 2025

One of the biggest DeFi hacks in crypto history has finally identified the attacker.

The ringleader is revealed

On February 3, 2025, the US Department of Justice (DOJ) announced a five-count indictment against Andean Medjedovic, 22, a Canadian citizen. Medjedovic is accused of hacking two DeFi protocols, KyberSwap and Indexed Finance, and thereby stealing approximately $65 million from investors.

Loi Luu, founder of Kyber Network, posted the DOJ indictment on X and confirmed that the culprit had been exposed.

According to court records, from 2021 to 2023, Medjedovic exploited vulnerabilities in the smart contracts of KyberSwap and Indexed Finance. By borrowing hundreds of millions of dollars in digital tokens, he made fraudulent transactions to manipulate the key calculations of smart contracts, causing these protocols to miscalculate the value of assets. Taking advantage of this vulnerability, Medjedovic siphoned off millions of dollars from investors' funds at unrealistic prices, rendering their investments worthless.

After appropriating the above amount, Medjedovic made a series of complex transactions to launder money and conceal the origin of the assets. The methods used included:

Token swaps;

Cross-chain asset transfers;

Using cryptocurrency mixer services to erase all traces of transactions.

In addition, Medjedovic and his accomplices also opened accounts on cryptocurrency exchanges with fake information to conceal their identities and the origin of the proceeds from the fraud.

Extortion Plot

In November 2023, after manipulating KyberSwap, Medjedovic also “demanded” control of the entire protocol as well as the DAO that managed KyberSwap, in exchange for a refund of 50% of the stolen funds.

Andean Medjedovic also contacted an unknown undercover police officer (UC--1), who offered to help Medjedovic launder the proceeds of the KyberSwap hack by transferring the loot to the Ethereum blockchain, in exchange for a $100,000 reward.

During the transaction, UC-1 informed Medjedovic that he was in Brooklyn, New York, and the two parties actually communicated via text messages sent from the Eastern District of New York. To date, Andean Medjedovic is still at large.

Medjedovic still faces five charges:

Wire fraud;

Unlawful damage to a protected computer (maximum sentence: 10 years);

Attempted extortion under the Hobbs Act;

Conspiracy to launder money;

Money laundering.

For the remaining charges, Medjedovic could face a maximum of 20 years in prison for each count. If convicted on all counts, he could face up to 90 years in prison. However, a federal judge will determine the specific sentence based on U.S. sentencing guidelines and other legal factors.

The case is being investigated by U.S. law enforcement agencies, including:

Internal Revenue Service-Criminal Investigation (IRS-CI);

Homeland Security Investigations (HSI);

FBI New York Field Office;

U.S. Customs and Border Protection (CBP);

The US Department of Justice (DOJ).

In addition, Dutch law enforcement agencies, including the Dutch Public Prosecution Service and the Cybercrime Unit - The Hague of the Dutch National Police, have also provided significant support to the investigation.

The Andean Medjedovic case is one of the largest DeFi scams and attacks to date, causing tens of millions of dollars in losses to investors.

The Indexed Finance attack took place in October 2021. After another hack in 2023, control of Indexed Finance was transferred from the DAO to the founding team. The project's leadership has since returned the remaining assets of the protocol to the victims of the 2021 hack.