22-Year-Old Math Prodigy Charged in $65M DeFi Hack Investigation

A man has been indicted by federal prosecutors for allegedly orchestrating a scheme that resulted in the theft of $65 million in cryptocurrency, taking advantage of vulnerabilities in two decentralized finance (DeFi) platforms. This fraudulent activity unfolded between 2021 and 2023, targeting the platforms KyberSwap and Indexed Finance, which provide users the ability to trade cryptocurrencies through automated services known as “liquidity pools.” These pools are funded by user contributions and managed by smart contracts executed by platform software.

The indictment, which was publicly released on Monday, details the actions of 22-year-old Andean Medjedovic. Prosecutors contend that Medjedovic utilized manipulative trading techniques to exploit weaknesses within the smart contracts of both platforms. In November 2023, he reportedly borrowed hundreds of millions in cryptocurrency to manipulate the prices within KyberSwap’s liquidity pools. Following this, he executed a series of calculated trades designed to trigger a malfunction in the automated market maker (AMM) system integral to KyberSwap’s operations.

As a result of this alleged scheme, Medjedovic is believed to have misappropriated approximately $48.8 million from 77 different liquidity pools across six public blockchains. He is also accused of attempting to extort developers associated with the KyberSwap protocol, as well as investors and members of a decentralized autonomous organization (DAO). Prosecutors allege that he proposed to return 50 percent of the stolen assets, provided he could gain control of the KyberSwap protocol.

To launder the ill-gotten gains, Medjedovic reportedly employed “bridge” protocols to transfer digital currency across blockchains, utilizing a cryptocurrency mixer to obscure the origins of the funds. However, at one point, a bridge protocol froze numerous transactions linked to his activities. In response, Medjedovic allegedly offered to pay over $80,000 to an individual he believed had the means to bypass these restrictions, aiming to release roughly $500,000 in stolen cryptocurrency. This transaction, as detailed in the prosecution’s claims, ultimately contributed to his apprehension.

This incident underscores the increasing sophistication of cybercriminal tactics, notably within the realm of DeFi. The techniques attributed to Medjedovic can be mapped to adversary tactics outlined in the MITRE ATT&CK framework. The alleged price manipulation used to trigger a smart contract malfunction suggests an initial access phase that aligns with tactics such as exploitation of vulnerabilities. The alleged attempt to illicitly gain control over a platform's protocol demonstrates a disregard for security protocols and highlights an alarming trend within the digital asset space.

As the landscape of cryptocurrency continues to evolve, business owners and investors in the tech sector must remain vigilant. The risks posed by potential exploits within DeFi platforms present a significant area of concern, necessitating robust cybersecurity measures to prevent similar breaches. Understanding the tactics used in the current landscape can help organizations better prepare and protect their digital assets against emerging threats in a continuously changing environment.
