Federal Prosecutors Indict Man for Stealing $65 Million in Cryptocurrency
Federal prosecutors have indicted a man on charges he stole $65 million in cryptocurrency by exploiting vulnerabilities in two decentralized finance (DeFi) platforms and then laundering proceeds and attempting to extort swindled investors.
The Scheme
The scheme, alleged in an indictment unsealed on Monday, occurred in 2021 and 2023 against the DeFi platforms KyberSwap and Indexed Finance. Both platforms provide automated services known as “liquidity pools” that allow users to move cryptocurrencies from one to another. The pools are funded with user-contributed cryptocurrency and are managed by smart contracts enforced by platform software.
Exploiting Vulnerabilities
The prosecutors said Andean Medjedovic, now 22 years old, exploited vulnerabilities in the KyberSwap and Indexed Finance smart contracts by using “manipulative trading practices.” In November 2023, he allegedly used hundreds of millions of dollars in borrowed cryptocurrency to cause artificial prices in the KyberSwap liquidity pools. According to the prosecutors, he then calculated precise combinations of trades that would induce the KyberSwap smart contract system—known as the AMM, or automated market makers—to “glitch,” as he wrote later.
Stealing Cryptocurrency
The scheme allegedly allowed Medjedovic to steal roughly $48.8 million from 77 KyberSwap liquidity pools on six public blockchains. He allegedly also tried to extort developers of the KyberSwap protocol, investors, and members of the decentralized autonomous organization (DAO). The prosecutors said the defendant offered to return 50 percent of the stolen cryptocurrency in return for him receiving control of the KyberSwap protocol.
Laundering Proceeds
In an attempt to launder the proceeds later, prosecutors said, Medjedovic also used “bridge” protocols to transfer cryptocurrency from one blockchain to another through a cryptocurrency “mixer” designed to conceal the source of digital assets. After one bridge protocol froze several of his transactions, Medjedovic agreed to pay more than $80,000 to someone he thought had control of the bridge to circumvent restrictions and release approximately $500,000 in stolen cryptocurrency. That transaction, as will be explained shortly, ultimately led to his undoing.
Conclusion
The indictment highlights the importance of securing smart contracts and preventing vulnerabilities in DeFi platforms. It also underscores the need for law enforcement to stay ahead of the curve in investigating and prosecuting cryptocurrency-related crimes.
FAQs
Q: What is the alleged scheme?
A: The alleged scheme involves exploiting vulnerabilities in DeFi platforms KyberSwap and Indexed Finance to steal cryptocurrency, laundering the proceeds, and attempting to extort investors.
Q: How much cryptocurrency was stolen?
A: Roughly $48.8 million was stolen from 77 KyberSwap liquidity pools on six public blockchains.
Q: What is the defendant’s alleged motive?
A: The defendant allegedly sought to steal cryptocurrency and then launder the proceeds, and also attempted to extort developers, investors, and members of the DAO.
Q: How was the scheme uncovered?
A: The scheme was uncovered when Medjedovic agreed to pay more than $80,000 to someone he thought had control of a bridge protocol to circumvent restrictions and release stolen cryptocurrency, ultimately leading to his undoing.
