A young Canadian hacker is now wanted after allegedly exploiting a “glitch” to loot $48.8 million in crypto from the decentralized finance (DeFi) protocol KyberSwap, according to a new indictment.
The U.S. Attorney’s Office for the Eastern District of New York alleges that Andean Medjedovic, 22, exploited vulnerabilities in the KyberSwap code in 2023.
-->Prosecutors say he employed hundreds of millions of dollars in borrowed crypto to generate artificial prices in the protocol’s liquidity pools (LPs). Medjedovic then allegedly caused what he called a “glitch” in KyberSwap’s automated market maker (AMM) by executing a specific combination of trades, which enabled him to drain $48.8 million in crypto from 77 LPs on six public blockchains.
The Canadian national then allegedly attempted to extort KyberSwap developers, demanding control of the protocol and its associated decentralized autonomous organization (DAO) in exchange for 50 of the stolen crypto.
Prosecutors accuse Medjedovic, who remains at large, of attempting to launder the looted crypto through bridge protocols and a digital asset mixer.
He also allegedly exploited liquidity pools from a different DeFi protocol, Indexed Finance, back in 2021, plundering $16.5 million.
The indictment, which was unsealed on Monday in a federal court in Brooklyn, charges Medjedovic with wire fraud, computer hacking and attempted extortion.
