{"id":20890,"date":"2025-02-04T14:15:14","date_gmt":"2025-02-04T12:15:14","guid":{"rendered":"https:\/\/forklog.com\/en\/canadian-accused-of-stealing-65-million-from-kyberswap-and-indexed-finance\/"},"modified":"2025-02-04T14:15:14","modified_gmt":"2025-02-04T12:15:14","slug":"canadian-accused-of-stealing-65-million-from-kyberswap-and-indexed-finance","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/canadian-accused-of-stealing-65-million-from-kyberswap-and-indexed-finance\/","title":{"rendered":"Canadian Accused of Stealing $65 Million from KyberSwap and Indexed Finance"},"content":{"rendered":"<p>U.S. authorities have <a href=\"https:\/\/www.justice.gov\/usao-edny\/pr\/canadian-national-charged-stealing-approximately-65-million-cryptocurrency-two-defi\" title=\"\">charged<\/a> Canadian Andean Medjedovic with fraud, hacking, attempted extortion, and money laundering in connection with the theft of approximately $65 million from DeFi projects KyberSwap and Indexed Finance.<\/p>\n<p>In October 2021, the accused allegedly exploited a vulnerability in the rebalancing mechanism of Indexed Finance&#8217;s smart contract code, using &#8220;hundreds of millions of dollars&#8221; in borrowed assets. This reportedly allowed him to compromise the system for adding new tokens to the pool and set &#8220;artificial prices&#8221; on assets, resulting in the theft of about $16.5 million.<\/p>\n<p>According to authorities, in the case of KyberSwap in November 2023, Medjedovic similarly used borrowed funds to manipulate prices in liquidity pools. He allegedly calculated combinations of trades that triggered a protocol failure. This enabled the hacker to steal $48.8 million from users across 77 pools on six blockchains.<\/p>\n<p>The KyberSwap team offered the hacker 90% of the funds in exchange for a 10% reward. In response, the hacker demanded full control over the project and its funds in exchange for 50% of the proceeds.<\/p>\n<p>He later attempted to launder the stolen money through cross-chain protocols and <a href=\"https:\/\/forklog.com\/en\/news\/indexed-finance-hacker-funnels-stolen-funds-through-tornado-cash\">cryptomixers<\/a>.<\/p>\n<p>According to the U.S. Department of Justice, Medjedovic remains at large and is wanted.<\/p>\n<p>Earlier in January, developers of the Ethereum client Geth fixed a <a href=\"https:\/\/forklog.com\/en\/news\/ethereum-developers-address-vulnerability-in-leading-client\">vulnerability<\/a> CVE-2025-24883, which allowed nodes to be stopped via DoS attacks through malicious P2P messages.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>U.S. authorities have charged Canadian Andean Medjedovic with fraud, hacking, attempted extortion, and money laundering in connection with the theft of approximately $65 million from DeFi projects KyberSwap and Indexed Finance. In October 2021, the accused allegedly exploited a vulnerability in the rebalancing mechanism of Indexed Finance&#8217;s smart contract code, using &#8220;hundreds of millions of [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":20889,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1301,44,1416,26],"class_list":["post-20890","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-blockchain-vulnerabilities","tag-cybercrime","tag-kyber-network","tag-usa"],"aioseo_notices":[],"amp_enabled":true,"views":"15","promo_type":"","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/20890","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=20890"}],"version-history":[{"count":0,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/20890\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/20889"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=20890"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=20890"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=20890"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}