### Canadian Mathematician Faces Decades in Prison for Alleged $65 Million Cryptocurrency Heist
In a case that highlights the weaknesses of decentralized finance (DeFi) platforms, federal prosecutors have charged 22-year-old Andean Medjedovic, a Canadian citizen, for allegedly orchestrating a $65 million cryptocurrency theft. The indictment, made public this week, accuses Medjedovic of taking advantage of smart contract flaws in two DeFi platforms—KyberSwap and Indexed Finance—between 2021 and 2023. If found guilty, he could face decades behind bars for offenses including wire fraud, computer hacking, and attempted extortion.
#### **The Alleged Scheme**
The indictment states that Medjedovic employed advanced “manipulative trading practices” to exploit vulnerabilities in the platforms’ automated market maker (AMM) systems. These systems, which depend on liquidity pools funded by user-contributed cryptocurrency, are intended to enable smooth token swaps. Nevertheless, Medjedovic allegedly manipulated these pools to extract millions of dollars.
In the KyberSwap incident, prosecutors assert that Medjedovic borrowed hundreds of millions of dollars in cryptocurrency to artificially raise prices within the platform’s liquidity pools. By executing specific combinations of trades, he reportedly caused the AMM system to “glitch,” allowing him to withdraw $48.8 million from 77 liquidity pools across six public blockchains. The indictment further alleges that Medjedovic attempted to extort KyberSwap developers and investors by proposing to return half of the stolen money in exchange for control of the platform.
A comparable scheme was allegedly perpetrated in 2021 against Indexed Finance, where Medjedovic is accused of exploiting the platform’s “re-indexing” procedure to steal $16.5 million. Indexed Finance pools, functioning like mutual funds for digital tokens, were manipulated to establish artificial prices, permitting Medjedovic to drain investor accounts.
#### **Laundering the Proceeds**
Prosecutors assert that Medjedovic employed sophisticated techniques to launder the stolen cryptocurrency. He reportedly used “bridge” protocols to move funds across blockchains and employed cryptocurrency “mixers” to hide the origins of the assets. In one case, after a bridge protocol froze several of his transactions, Medjedovic allegedly paid $80,000 to someone he thought could circumvent the restrictions. This transaction, however, ultimately led to his identification and subsequent indictment.
Medjedovic is also accused of maintaining a comprehensive “moneyMovementSystem” playbook, detailing steps for laundering significant amounts of cryptocurrency. The playbook reportedly contained instructions for evading “Know Your Customer” (KYC) protocols and utilizing fraudulent exchange accounts to cash out misappropriated funds.
#### **A Calculated Attack**
The indictment suggests a carefully orchestrated operation. Prosecutors argue that Medjedovic spent months studying the platforms to determine the best time to launch his schemes. His mathematical expertise, developed through a master’s degree in mathematics from the University of Waterloo, was said to be crucial in crafting the intricate attacks.
In court documents from a separate case in Ontario in 2021, Medjedovic was noted for applying his “formidable mathematical prowess” to conduct a sophisticated computer attack against Indexed Finance. Canadian authorities charged him with persuading the platform to transfer $15 million in cryptocurrency into his accounts.
#### **The Role of Undercover Agents**
Medjedovic’s fall was reportedly aided by an undercover law enforcement source. After being barred from several platforms due to his alleged involvement in the KyberSwap attack, Medjedovic sought help to transfer funds from restricted accounts. He reportedly promised the undercover agent $86,559 to facilitate the transaction, leading to his identification and eventual indictment.
#### **The Broader Implications for DeFi**
The case underscores the inherent dangers associated with DeFi platforms that depend on smart contracts to automate financial transactions. Although these contracts are designed to be tamper-resistant, their security is contingent on the integrity of the code they are built upon. Weaknesses in smart contracts have been exploited in numerous high-profile instances, including the 2016 hack of The DAO, which resulted in a $50 million loss, and the 2021 MonoX Finance breach, which saw $31 million taken.
#### **Charges and Potential Penalties**
Medjedovic faces multiple charges, including wire fraud, computer hacking, and attempted extortion. Should he be convicted, he could confront considerable fines and decades in prison. This case acts as a stark reminder of the legal and ethical ramifications of exploiting technological vulnerabilities for personal advantage.
#### **Conclusion**
As the cryptocurrency and DeFi sectors keep expanding, this case highlights the necessity of stringent security measures and regulatory oversight. While the decentralized nature of these platforms provides numerous advantages, it also presents unique challenges in preventing and prosecuting financial crimes. The indictment of Andean Medjedovic serves as a cautionary example for both developers and users, emphasizing the importance of vigilance in an increasingly digital financial environment.
