22-year-old math wiz indicted for alleged DeFI hack that stole $65M

Federal prosecutors have indicted an individual on charges he stole $65 million in cryptocurrency by exploiting vulnerabilities in two decentralized finance platforms after which laundering proceeds and attempting to extort swindled patrons.

The scheme, alleged in an indictment unsealed on Monday, occurred in 2021 and 2023 in direction of the DeFI platforms KyberSwap and Listed Finance. Every platforms current automated corporations typically referred to as “liquidity swimming swimming pools” that let prospects to maneuver cryptocurrencies from one to a distinct. The swimming swimming pools are funded with user-contributed cryptocurrency and are managed by good contracts enforced by platform software program program.

“Formidable mathematical prowess”

The prosecutors said Andean Medjedovic, now 22 years earlier, exploited vulnerabilities inside the KyberSwap and Listed Finance good contracts by way of the usage of “manipulative shopping for and promoting practices.” In November 2023, he allegedly used tons of of tens of thousands and thousands of {{dollars}} in borrowed cryptocurrency to set off artificial prices inside the KyberSwap liquidity swimming swimming pools. Consistent with the prosecutors, he then calculated precise combos of trades which may induce the KyberSwap good contract system—typically referred to as the AMM, or automated market makers—to “glitch,” as he wrote later.

The scheme allegedly allowed Medjedovic to steal roughly $48.8 million from 77 KyberSwap liquidity swimming swimming pools on six public blockchains. He allegedly moreover tried to extort builders of the KyberSwap protocol, patrons, and members of the decentralized autonomous group (DAO). The prosecutors said the defendant offered to return 50 p.c of the stolen cryptocurrency in return for him receiving administration of the KyberSwap protocol.

In an attempt to launder the proceeds later, prosecutors said, Medjedovic moreover used “bridge” protocols to modify cryptocurrency from one blockchain to a distinct by the use of a cryptocurrency “mixer” designed to cover the provision of digital belongings. After one bridge protocol froze quite a few of his transactions, Medjedovic agreed to pay larger than $80,000 to anyone he thought had administration of the bridge to bypass restrictions and launch roughly $500,000 in stolen cryptocurrency. That transaction, as may be outlined shortly, ultimately led to his undoing.