A 22-year-old Canadian man has been charged by the US Department of Justice with stealing $65 million by exploiting vulnerabilities in decentralized finance (DeFi) platforms.
What Are DeFi Platforms?
DeFi platforms are blockchain-based financial services that operate without traditional banks or financial institutions. They allow users to lend, invest, trade, and earn interest using digital assets through automated smart contracts and decentralized applications (dApps).
The Indictment
According to court documents, Andean Medjedovic took advantage of weaknesses in smart contracts used by two DeFi platforms:
- KyberSwap – He allegedly drained around $48.4 million from 77 different liquidity pools.
- Indexed Finance – He allegedly stole $16.5 million from two liquidity pools.
Medjedovic is accused of manipulating liquidity pools by borrowing large amounts of digital tokens and executing deceptive trades that tricked the smart contracts into miscalculating key values. This allowed him to withdraw investor funds at artificially low prices, causing victims to lose their money.
“Medjedovic borrowed hundreds of millions of dollars in digital tokens, which he used to engage in deceptive trading that he knew would cause the protocols’ smart contracts to falsely calculate key variables,” the DOJ said. “Through his deceptive trades, Medjedovic was able to, and ultimately did, withdraw millions of dollars of investor funds from the protocols at artificial prices, rendering the victims’ investments essentially worthless.”
Medjedovic is also accused of laundering the stolen funds by:
- Using fake identities to open crypto exchange accounts.
- Transferring funds through a cryptocurrency mixer to obscure transactions.
- Conducting swap and bridging transactions to move assets across different blockchains.
If convicted, he could face a maximum sentence of 10 years for hacking a protected computer and up to 20 years for each of the other charges.