On February 3, 2025, the U.S. Attorney’s Office for the Eastern District of New York (EDNY) unsealed an indictment against Andean Medjedovic, a 22-year-old Canadian national, for allegedly stealing approximately $65 million in cryptocurrency from two decentralized finance (DeFi) protocols, KyberSwap and Indexed Finance.  Medjedovic is charged with wire fraud, violation of the Computer Fraud and Abuse Act (“CFAA”) for unauthorized damage to a protected computer, attempted Hobbs Act extortion, money laundering and money laundering conspiracy.  This case highlights the growing risks and vulnerabilities in DeFi platforms, which remain attractive targets for sophisticated cybercriminals.

Understanding the Alleged Scheme

DeFi platforms like KyberSwap and Indexed Finance operate on blockchain networks and use “smart contracts” to manage user transactions.  These smart contracts facilitate automated cryptocurrency exchanges by maintaining liquidity pools, which are funded by investors.  The indictment alleges that Medjedovic, a Canadian national, manipulated these smart contracts to drain funds from these pools, defrauding investors in the process through two different exploits.

The KyberSwap Exploit

KyberSwap operated digital token liquidity pools called “KyberSwap Elastic,” which used automated market maker (AMM) systems and smart contracts to improve market efficiencies by permitting liquidity providers to pre-determine the price at which they were willing to provide liquidity to the pool.  Medjedovic allegedly engaged in a sophisticated, multi-step process to manipulate the operation of the AMM systems for that liquidity pool product, including by exploiting a calculating error in the AMM to cause it to incorrectly calculate liquidity and corresponding trading rules, and eventually used the false liquidity information to withdraw digital tokens that represented nearly all of the value within the relevant liquidity pool.  His efforts allowed him to allegedly steal $48.8 million from 77 KyberSwap liquidity pools.

Following the exploit, Medjedovic allegedly attempted to extort KyberSwap’s developers and investors, demanding control over KyberSwap (both the company and a governance entity that managed the DeFi protocols for KyberSwap products) in exchange for returning half of the stolen funds.

The Indexed Finance Exploit

Indexed Finance’s liquidity pools operated similarly to mutual funds or exchange-traded funds but was indexed to digital tokens instead of traditional equities, and similarly was intended to track the net asset value of the digital tokens in the liquidity pool.  Similar to KyberSwap, Indexed Finance relied upon an AMM and a smart contract called the “Index Controller” to manage the pools.  Medjedovic allegedly exploited a flaw in the platform’s re-indexing mechanism, which adjusts the pools’ asset composition based on changes to market capitalization of the digital tokens.  Using manipulative trading tactics, he distorted token prices, allowing him to swap tokens worth around $3,000 for tokens in the liquidity pool that had a market value of $1.17 million.  After these and other efforts to distort the market, Medjedovic allegedly used a series of swaps to drain $16.5 million worth of digital tokens from Indexed Finance’s pool, or approximately 98 % of the assets.

Money Laundering and Damaging Admissions

To conceal his gains, Medjedovic and an accomplice allegedly used cross-chain bridge services to facilitate the transfer of the stolen funds on the Ethereum network (notably managing to evade blacklisting and other efforts to prevent the movement of ill-gotten proceeds), laundered the funds through both fraudulent exchange accounts and a “crypto-mixer,” an entity designed to obscure the source of digital assets and frustrate the ability to trace those assets on the publicly viewable blockchain.  Medjedovic is also alleged to have made several incriminating statements about the scheme, including that he was “gonna commit a crime someday” and that, after his actions, he would “be on the run forever” and needed “advise [sic] about becoming a pirate.”

The Legal and Enforcement Landscape

The charges against Medjedovic reflect an aggressive law enforcement approach to crypto-related financial crimes.  Prosecutors are leveraging specialized units, including the National Cryptocurrency Enforcement Team (NCET), to investigate illicit crypto transactions and pursue prosecutions against alleged bad actors.  The case demonstrates both coordination among federal law enforcement agencies (the case involved the IRS Criminal Investigations, the FBI, and Homeland Security Investigations) and continued international cooperation in cybercrime prosecutions, as the case involved Europol and the Dutch National Police’s Cybercrime Unit in the Hague.

Implications for DeFi Investors and Developers

This case serves as a cautionary tale for individuals and entities interested in DeFi, and includes the following takeaways:

• Complexity breeds opportunity for mischief. The complex systems set up to manage digital token liquidity pools may be useful to increase market efficiency, but their complexity allows sophisticated actors to identify and exploit weaknesses in code or algorithms, as Medjedovic is alleged to have done.  DeFi market makers and others involved in creating and running these systems should take steps to “pressure test” their systems to identify and remediate potential weaknesses.
• Cybersecurity Remains Paramount. The case also highlights the related need to ensure that entities that operate in the DeFi space establish appropriate cybersecurity policies and controls and hire competent cybersecurity experts to administer the program.
• Money Laundering Risk for Third Parties. As Medjedovic’s alleged conduct demonstrates, bad actors may try to use digital currency tools designed for privacy and anonymity, such as mixers, to frustrate the ability to trace stolen or other proceeds of criminal activities.  Third parties who conduct business with such actors, either by permitting them to use their products or through direct transactions, face potential risk in their own right of violating U.S. money laundering laws, which make it a crime to knowingly engage in financial transactions with proceeds of specified unlawful activity when the transaction is designed to disguise the nature, source, or ownership of the proceeds.

Conclusion

The indictment of Andean Medjedovic underscores the evolving threats in cryptocurrency markets and the government’s increasing focus on prosecuting DeFi-related fraud. As law enforcement agencies sharpen their ability to track and prosecute blockchain-based crimes, both cybercriminals and negligent DeFi projects face heightened scrutiny.  For businesses and investors in the cryptocurrency space, compliance, security, and due diligence are more critical than ever.

The material contained in this communication is informational, general in nature and does not constitute legal advice. The material contained in this communication should not be relied upon or used without consulting a lawyer to consider your specific circumstances. This communication was published on the date specified and may not include any changes in the topics, laws, rules or regulations covered. Receipt of this communication does not establish an attorney-client relationship. In some jurisdictions, this communication may be considered attorney advertising.

About the Author: Craig R. Heeren

Craig Heeren is a former federal prosecutor and seasoned trial lawyer who counsels clients in government and internal investigations as well as in cybersecurity response, national security inquiries and sanctions compliance. At the U.S. Attorney’s Office for the Eastern District of New York, Craig served in a number of leadership positions, including as deputy chief of the National Security and Cybercrime Section. He developed extensive relationships and experience with, among others, multiple U.S. Attorney’s Offices; the Department of Justice’s National Security Division, Computer Crimes Section, and Criminal Division; the Treasury Department’s Office of Foreign Assets Control (OFAC); and the Department of Commerce’s Bureau of Industry and Security (BIS). Craig advises clients on criminal, regulatory and complex civil matters related to cross-border regulations, trade secrets and intellectual property theft, cryptocurrency and artificial intelligence, anti-money laundering (AML) obligations, and securities regulations. He also works with clients to design, enhance and implement risk-based compliance programs and other policies.