The U.S. Justice Department has charged a Canadian man with stealing roughly $65 million after exploiting two decentralized finance (DeFI) protocols.
DeFI platforms are blockchain-based systems that facilitate peer-to-peer financial services, eliminating the need for conventional centralized financial intermediaries like banks or brokerages.
These platforms deliver various financial services related to digital assets, enabling their users to lend, invest, earn interest, and trade assets through smart contracts and decentralized applications (dApps).
As revealed in court documents, 22-year-old Andean Medjedovic allegedly exploited vulnerabilities in the automated smart contracts used by the KyberSwap and Indexed Finance decentralized exchange aggregators and operators of digital token liquidity pools on the Ethereum network.
In total, he drained approximately $48.4 million in digital tokens from 77 different KyberSwap Elastic liquidity pools and roughly $16.5 million from two Indexed Finance liquidity pools (also known as index pools).
In November 2023, after exploiting KyberSwap, he allegedly attempted to extort victims with a fake settlement proposal, demanding control of the KyberSwap protocol and its decentralized organization in exchange for returning half of the stolen assets.
“Medjedovic borrowed hundreds of millions of dollars in digital tokens, which he used to engage in deceptive trading that he knew would cause the protocols’ smart contracts to falsely calculate key variables,” the U.S. DOJ said in a Monday press release.
“Through his deceptive trades, Medjedovic was able to, and ultimately did, withdraw millions of dollars of investor funds from the protocols at artificial prices, rendering the victims’ investments essentially worthless.”
Medjedovic is also accused of laundering proceeds from his fraudulent operations through transactions that concealed the funds’ source by using crypto exchange accounts opened using false identification, a cryptocurrency mixer, and swap and bridging transactions.
He is charged with one count of wire fraud, one count of unauthorized damage to a protected computer, one count of attempted Hobbs Act extortion, one count of conspiracy to commit money laundering, and one count of money laundering.
If found guilty, Medjedovic could face a maximum sentence of 10 years for unauthorized damage to a protected computer and up to 20 years for each of the other charges.