
DeFi 22-year-old Canadian hacker Andjan “Andy” Medjedovic stole $65 million from two decentralized finance (DeFi) platforms, KyberSwap and Indexed Finance.
The U.S. Department of Justice (DOJ) has released a criminal indictment alleging that the hacker manipulated and used smart contract calculations to gain illicit wealth. Medjedovic used a “flash loan” mechanism to obtain hundreds of millions of dollars in digital tokens. He then manipulated smart contracts to change the prices of assets, allowing him to withdraw funds at artificially low prices. The hackers then attempted to conceal the origin of the stolen funds using mixers and crypto bridges. In addition, in 2023, they attempted a “double extortion” by offering to return 50% of the stolen funds to KyberSwap victims in exchange for control of the platform.
Medzhedovich rose to fame in 2021 when he stole $16 million from Indexed Finance. The hacker was identified by cybersecurity experts who discovered that he lived in Waterloo, Canada. At the time, he claimed that he had a legal right to receive the stolen funds, citing the principle of “code is law.”
The hacker cooperated with law enforcement for some time and participated in virtual hearings, but eventually fled and evaded arrest. Medzhedovich now faces up to 90 years in prison for fraud, computer hacking, and money laundering. Although he claims to have “turned to the bright side” and taken up cybersecurity, his activities demonstrate the significant risks of decentralized financial platforms and the vulnerabilities of smart contracts.