The Second Allegation

Kyberswap Hack

In the indictment, Medjedovic was alleged to have exploited KyberSwap in 2023, as well as Indexed Finance in 2021, manipulating central liquidity pools using front-running bots and a network of dozens of addresses. By executing sophisticated MEV (Maximal Extractable Value) attacks, Medjedovic drained approximately $48.8 million from KyberSwap’s liquidity pools.

A Tracer analysis reveals the intricate nature of this exploit, showing how Medjedovic leveraged automated trading bots to front-run legitimate transactions. By predicting the order flow, he destabilized KyberSwap’s liquidity structure, profiting from arbitrage inefficiencies and price slippages. The attack resulted in massive losses for liquidity providers and highlighted vulnerabilities in automated market maker (AMM) designs.

KyberSwap, a decentralized exchange (DEX) powered by the Kyber Network, facilitates seamless token swaps using aggregated liquidity pools. The exploit targeted centralized liquidity pools, where Medjedovic's bot-driven transactions manipulated price curves, allowing him to execute trades at unfair advantages. The attack was executed using flash loans, rapidly borrowing and repaying assets within the same transaction to amplify the exploit’s impact.

In the aftermath of the attack, Kyber Network engaged with Medjedovic, urging the return of stolen funds. However, responses remained elusive, and negotiations ultimately failed.

A more detailed technical breakdown can be found in the KyberSwap Post-Mortem Report: https://blog.kyberswap.com/post-mortem-kyberswap-elastic-exploit/

Conclusion

The case of Andean Medjedovic marks a pivotal moment in decentralized finance (DeFi), highlighting the growing legal scrutiny of DeFi exploits. His attacks on Indexed Finance (2021) and KyberSwap (2023) exposed critical vulnerabilities in smart contracts and governance, siphoning nearly $65 million through flash loan attacks, price oracle distortions, and MEV strategies. His indictment by the U.S. Department of Justice (DOJ) and an ongoing class-action lawsuit in Canada challenge the "code is law" defense, setting a precedent that DeFi exploits can be prosecuted as financial crimes rather than technical arbitrage.

Beyond legal ramifications, Medjedovic’s case underscores the urgent need for stronger DeFi security measures, including rigorous audits, improved oracle mechanisms, and real-time threat detection. As he remains a fugitive, pursued by global law enforcement, the outcome of these proceedings will shape the future of DeFi accountability, influencing regulations, investor confidence, and the industry's long-term sustainability. The balance between decentralization and legal responsibility is now more crucial than ever.

For more information regarding the indictment and the legal charges, refer to this link: https://www.justice.gov/usao-edny/pr/canadian-national-charged-stealing-approximately-65-million-cryptocurrency-two-defi

Written by: Tushar Tiwari, Analyst @ Blockscope

For more information, please reach out to us at [email protected]

Disclaimer: Best Effort Investigation

This investigation and its findings represent our best effort based on the information available at the time. However, please be aware of the following limitations:

• The data used in this investigation may contain inaccuracies, omissions, or errors.

• Information sources may be incomplete or subject to change.

• New evidence may emerge that could alter the conclusions.

• Analysis and interpretations are based on current understanding and may evolve.We have made every reasonable attempt to ensure accuracy, but cannot guarantee that all information is entirely correct or complete. This report should be considered a snapshot of our current knowledge and understanding, subject to revision as new information becomes available.