A U.S. federal court has charged Canadian Andean Medjedovich with fraud, hacking, attempted extortion, and money laundering related to the theft of approximately $65 million from DeFi projects KyberSwap and Indexed Finance.

In October 2021, Medjedovich allegedly exploited a vulnerability in the rebalancing mechanism of Indexed Finance’s smart contract code, using “hundreds of millions of dollars” in borrowed assets. This allowed him to compromise the token addition system and set “artificial prices” on assets, stealing around $16.5 million.

According to investigators, in November 2023, Medjedovich used similar tactics with borrowed funds to manipulate prices in KyberSwap’s liquidity pools. He allegedly calculated trade combinations that caused a protocol failure, enabling him to steal $48.8 million from 77 pools across six blockchains.

KyberSwap’s team offered the hacker a reward of 10% for returning 90% of the stolen funds. In response, the hacker demanded full control over the project and its assets in exchange for 50% of the loot.

Later, Medjedovich attempted to launder the stolen money through cross-chain protocols and crypto mixers.

According to the U.S. Department of Justice, Medjedovich remains at large and is wanted by authorities.

Earlier in January, Ethereum client developers fixed vulnerability CVE-2025-24883, which allowed denial-of-service (DoS) attacks on nodes via malicious P2P messages.