
# The Second Allegation

## KyberSwap Hack

<figure><img src="/files/pzZfzAnICJb1Ks23qwPn" alt="" width="375"><figcaption></figcaption></figure>

In the indictment, Medjedovic was alleged to have exploited [KyberSwap](https://kyberswap.com/swap/ethereum) in 2023, as well as Indexed Finance in 2021, manipulating central liquidity pools using front-running bots and a network of dozens of addresses. By executing sophisticated MEV (Maximal Extractable Value) attacks, Medjedovic drained approximately $48.8 million from KyberSwap’s liquidity pools.

A Tracer analysis reveals the intricate nature of this exploit, showing how Medjedovic leveraged automated trading bots to front-run legitimate transactions. By predicting the order flow, he destabilized KyberSwap’s liquidity structure, profiting from arbitrage inefficiencies and price slippages. The attack resulted in massive losses for liquidity providers and highlighted vulnerabilities in automated market maker (AMM) designs.

<figure><img src="/files/SwXxw6ZC92zRdtQ26QVq" alt=""><figcaption><p>A basic tracer for the KyberSwap exploit showing the exploiter leveraging multiple protocols, including Tornado Cash and bots, to execute and obfuscate funds.</p></figcaption></figure>

KyberSwap, a decentralized exchange (DEX) powered by the Kyber Network, facilitates seamless token swaps using aggregated liquidity pools. The exploit targeted centralized liquidity pools, where Medjedovic's bot-driven transactions manipulated price curves, allowing him to execute trades at unfair advantages. The attack was executed using **flash loans**, rapidly borrowing and repaying assets within the same transaction to amplify the exploit’s impact.

In the aftermath of the attack, **Kyber Network engaged with Medjedovic**, urging the return of stolen funds. However, responses remained elusive, and negotiations ultimately failed.

<figure><img src="/files/tiarPd8drIsAOZWP4Bgj" alt=""><figcaption><p>On-chain message from the hacker to the KyberSwap team; Tx hash: 0x7a8912583520304ce2364fa165dafe94461a91ab2dcf45dab942e296594dc40a</p></figcaption></figure>

<figure><img src="/files/9hMhSBNk3o1nQADe6nqJ" alt=""><figcaption><p>KyberSwap's proposal to the hacker; Tx hash: 0xfeb8bd91320ed818cefd72aba25d48f4b50964549681096d6fae3d2320c75743</p></figcaption></figure>

A more detailed technical breakdown can be found in the **KyberSwap Post-Mortem Report:** [**https://blog.kyberswap.com/post-mortem-kyberswap-elastic-exploit/**](https://blog.kyberswap.com/post-mortem-kyberswap-elastic-exploit/)

## Conclusion

The case of Andean Medjedovic marks a pivotal moment in decentralized finance (DeFi), highlighting the growing legal scrutiny of DeFi exploits. His attacks on Indexed Finance (2021) and KyberSwap (2023) exposed critical vulnerabilities in smart contracts and governance, siphoning nearly $65 million through flash loan attacks, price oracle distortions, and MEV strategies. His indictment by the U.S. Department of Justice (DOJ) and an ongoing class-action lawsuit in Canada challenge the "code is law" defense, setting a precedent that DeFi exploits can be prosecuted as financial crimes rather than technical arbitrage.

Beyond legal ramifications, Medjedovic’s case underscores the urgent need for stronger DeFi security measures, including rigorous audits, improved oracle mechanisms, and real-time threat detection. As he remains a fugitive, pursued by global law enforcement, the outcome of these proceedings will shape the future of DeFi accountability, influencing regulations, investor confidence, and the industry's long-term sustainability. The balance between decentralization and legal responsibility is now more crucial than ever.

For more information regarding the indictment and the legal charges, refer to this link: <https://www.justice.gov/usao-edny/pr/canadian-national-charged-stealing-approximately-65-million-cryptocurrency-two-defi>

**Written by**: [Tushar Tiwari](https://in.linkedin.com/in/tushar-tiwari-1380271b7), Analyst @ Blockscope

For more information, please reach out to us at **<hello@blockscope.tech>**

<figure><img src="/files/69UuUWgOVFpxdHWZRzyB" alt=""><figcaption></figcaption></figure>

Disclaimer: Best Effort Investigation

This investigation and its findings represent our best effort based on the information available at the time. However, please be aware of the following limitations:

* The data used in this investigation may contain inaccuracies, omissions, or errors.
* Information sources may be incomplete or subject to change.
* New evidence may emerge that could alter the conclusions.
* Analysis and interpretations are based on current understanding and may evolve.

We have made every reasonable attempt to ensure accuracy, but cannot guarantee that all information is entirely correct or complete. This report should be considered a snapshot of our current knowledge and understanding, subject to revision as new information becomes available.


