US federal prosecutors have indicted a 22-year-old Canadian, Andean Medjedovic, for the exploitation of vulnerabilities in DeFi protocols, resulting in the theft of about $65 million in cryptocurrency assets.
Medjedovic has been prosecuted for targeting KyberSwap in 2023 and Indexed Finance in 2021 by manipulating their smart contracts to conduct deceptive trades, leading to enormous financial losses for investors. Following the exploit, he apparently attempted to extort the protocol’s stakeholders by demanding control of KyberSwap and its decentralised autonomous organisation (DAO) in exchange for half of the stolen assets.
Medjedovic is facing multiple charges, including wire fraud, unauthorized damage to a protected computer, attempted extortion and money laundering.
Prosecutors also noted that after an anonymous bridge protocol froze some funds, Medjedovic paid $85k to an ‘undercover law enforcement agent posing as a software developer’ to release the assets.
Nominis Insights:
For us, the prosecution of Medjedovic, and particularly his exploitation of KyberSwap, highlights a number of important lessons in compliance.
Minor coding flaws can cause multi-million dollar losses
The 2023 KyberSwap attack exploited a discrepancy in KyberSwap Elastic’s tick-based swap mechanism, exacerbated by a rounding error. This resulted in incorrect liquidity calculations when crossing specific price points. Pool prices were then manipulated and liquidity positions were adjusted.
The exploit stemmed from some minor coding flaws, but ultimately led to financial losses of millions.
DeFi has revolutionised methods of fraud
Unlike in TradFi, DeFi exploits may involve the exploitation of software bugs to commit fraud and obtain or move illicit funds. It is absolutely critical for smart contracts to be airtight and tested before DeFi protocols go live, and projects should fulfil compliance requirements to prevent fraud enabled by bug-ridden smart contracts.
Bug bounty programs are proven to effectively ensure the security of smart contracts, encouraging ethical hackers to attempt to find vulnerabilities before malicious attackers do. Smart contract security audits are also an effective method of ensuring the security of contracts before they go live.
Liquidity movements can signal illicit activity
This case involved manipulated pool prices, adjusted liquidity positions and execution of swaps. Once stolen, the funds were moved across chains quickly, making recovery very difficult.
As in money laundering, stolen crypto from smart contract exploits gets mixed and swapped to obscure its origins and hinder tracing.
This type of behaviour can be flagged with on-chain, real-time anomaly detection.
Proactive monitoring of DeFi transactions is absolutely essential, given this known pattern that can indicate illicit activity. The ability to flag anomalies in liquidity movements can automatically identify suspicious transactions or wallets that should be kept at a distance.
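As an added illustration (not Nominis' tooling and not code from this article), the rule below flags a wallet that combines the signals described above: an outsized pool price move, a liquidity position change, and a cross-chain transfer, all within a short window. The event schema, wallet labels, thresholds and sample events are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events, not real chain data: (unix_ts, wallet, kind, value)
#   "swap"        -> value is the pool price after the swap
#   "mint"/"burn" -> value is the liquidity added/removed
#   "bridge"      -> value is the amount sent cross-chain
EVENTS = [
    (1000, "0xaaa", "swap", 1.000),
    (1060, "0xbbb", "mint", 500.0),
    (1120, "0xaaa", "swap", 1.002),
    (2000, "0xccc", "swap", 1.450),     # price pushed far from the previous price
    (2005, "0xccc", "mint", 10.0),      # liquidity position adjusted
    (2010, "0xccc", "burn", 9.0),
    (2015, "0xccc", "swap", 0.998),
    (2300, "0xccc", "bridge", 40000.0), # funds leave the chain minutes later
    (3000, "0xbbb", "burn", 500.0),     # ordinary LP exit, no price move
]

WINDOW = 600       # assumed: seconds after a price jump in which follow-ups count
PRICE_JUMP = 0.10  # assumed: relative price change treated as outsized


def flag_wallets(events, window=WINDOW, price_jump=PRICE_JUMP):
    """Return {wallet: [signals]} for wallets showing at least two signals."""
    signals = defaultdict(set)
    jump_at = {}       # wallet -> time of its first outsized price move
    prev_price = None  # last pool price seen, set by any wallet
    for ts, wallet, kind, value in sorted(events):
        if kind == "swap":
            if prev_price and abs(value - prev_price) / prev_price > price_jump:
                jump_at.setdefault(wallet, ts)
                signals[wallet].add("price_jump")
            prev_price = value
        elif wallet in jump_at and ts - jump_at[wallet] <= window:
            # Only liquidity changes or bridging by the wallet that moved the price
            is_lp = kind in ("mint", "burn")
            signals[wallet].add("liquidity_adjust" if is_lp else "fast_bridge_out")
    # A lone large swap is not flagged; it must coincide with another signal.
    return {w: sorted(s) for w, s in signals.items() if len(s) >= 2}


if __name__ == "__main__":
    for wallet, reasons in flag_wallets(EVENTS).items():
        print(wallet, reasons)
```

Requiring two or more signals keeps a single large but legitimate trade, or a normal liquidity withdrawal, from raising an alert on its own.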
Nominis’ unique real-time transaction monitoring tool, the most comprehensive platform for crypto wallet intelligence, previously identified the address known as ‘Kyberswap Exploiter 1’, applying a risk score of critical and giving automatic alerts to clients, encouraging awareness of a malicious wallet.

This attack reminds us that security vulnerabilities are not exclusively a technical issue, but also a compliance issue. Utilizing proactive, real-time monitoring compliance platforms such as Nominis can ensure compliance is not a limiting factor in the progress of your exchange or company, but an area giving you a cutting edge against your competitors.
This case sets a precedent that authorities are willing to pursue DeFi market manipulation as a crime, potentially forcing DeFi protocols to implement compliance measures similar to traditional finance, such as on-chain surveillance for manipulation detection, AML/KYC checks on liquidity providers, and smart contract risk disclosures. It strengthens the argument that DeFi platforms need robust compliance frameworks to prevent market manipulation.

While we strive for accuracy in our content, we acknowledge that errors may occur. If you find any mistakes, please reach out to us at contact@nominis.io. Your feedback is appreciated!