Canadian National Charged for Stealing $65 Million in Crypto 

U.S. prosecutors have charged Andean Medjedovic, a 22-year-old Canadian, with five counts of criminal indictment for allegedly orchestrating a sophisticated cryptocurrency theft. 

Medjedovic is accused of exploiting vulnerabilities in the KyberSwap and Indexed Finance DeFi protocols, resulting in significant financial losses.

The alleged schemes carried out between 2021 and 2023, resulted in the theft of approximately $65 million in digital assets from unsuspecting investors.

Exploitation of DeFi Protocols

Medjedovic is accused of exploiting smart contract vulnerabilities in the KyberSwap Elastic and Indexed Finance platforms. These protocols rely on automated algorithms to facilitate token exchanges and manage liquidity pools. 

According to the indictment, Medjedovic manipulated these systems by borrowing hundreds of millions of dollars in digital tokens through flash loans—a mechanism that allows users to borrow funds without security as long as the loan is repaid within a single transaction.

Using precise calculations, Medjedovic allegedly manipulated key variables in the smart contracts governing these platforms. 

This manipulation allowed him to withdraw funds at artificially inflated prices, rendering the victims’ investments essentially worthless.

In October 2021, Medjedovic reportedly stole $16.5 million from Indexed Finance by targeting its decentralized index rebalancing mechanism. 

Two years later, in November 2023, he executed a more elaborate attack on KyberSwap Elastic, draining $48.8 million by manipulating tick ranges and liquidity pools across multiple blockchain networks, including Ethereum and Arbitrum.

Prosecutors allege that Medjedovic laundered the stolen funds through a series of complex transactions involving cryptocurrency mixers and cross-chain “bridging” mechanisms to obscure the origins of the assets. 

He also used false identities to open accounts on crypto exchanges. Medjedovic attempted to extort the platform’s developers by proposing a sham settlement. 

He demanded full control over KyberSwap’s decentralized autonomous organization (DAO) in exchange for returning half of the stolen funds. The proposal was rejected.

Charges and Penalties

The indictment includes five charges:

• Wire Fraud: Using electronic communications to execute fraudulent schemes (up to 20 years imprisonment per count).
• Unauthorized Damage to a Protected Computer: Exploiting smart contract vulnerabilities (up to 10 years imprisonment).
• Attempted Hobbs Act Extortion: Demands that are imposed through manipulation or threats (up to 20 years imprisonment).
• Money Laundering Conspiracy: Concealing illicit proceeds through layered transactions (up to 20 years imprisonment).
• Money Laundering: Direct involvement in laundering stolen assets (up to 20 years imprisonment).

If convicted on all counts, Medjedovic could face decades behind bars.

The investigation involved multiple U.S. agencies, including the FBI, IRS Criminal Investigation (IRS-CI), and Homeland Security Investigations (HSI), with assistance from international partners such as the Netherlands’ Cybercrime Unit and Canadian authorities.

This instance highlights the increasing dangers of DeFi platforms, which function without centralized control. 

Vulnerabilities in smart contracts—such as those exploited by Medjedovic—highlight the need for rigorous security audits and improved regulatory frameworks.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free

The post Canadian National Charged for Stealing $65 Million in Crypto  appeared first on Cyber Security News.