Federal prosecutors have indicted a man on charges he stole $65 million in cryptocurrency by exploiting vulnerabilities in two decentralized finance platforms and then laundering proceeds and trying to extort swindled investors.
The scheme, alleged in an indictment unsealed on Monday, occurred in 2021 and 2023 against the DeFi platforms KyberSwap and Indexed Finance. Both platforms provide automated services known as “liquidity pools” that allow users to move cryptocurrencies from one to another. The pools are funded with user-contributed cryptocurrency and are managed by smart contracts enforced by platform software.
“Formidable mathematical prowess”
The prosecutors said Andean Medjedovic, now 22 years old, exploited vulnerabilities in the KyberSwap and Indexed Finance smart contracts by using “manipulative trading practices.” In November 2023, he allegedly used hundreds of millions of dollars in borrowed cryptocurrency to cause artificial prices in the KyberSwap liquidity pools. According to the prosecutors, he then calculated precise combinations of trades that would induce the KyberSwap smart contract system—known as the AMM, or automated market makers—to “glitch,” as he wrote later.
The scheme allegedly allowed Medjedovic to steal roughly $48.8 million from 77 KyberSwap liquidity pools on six public blockchains. He allegedly also tried to extort developers of the KyberSwap protocol, investors, and members of the decentralized autonomous organization (DAO). The prosecutors said the defendant offered to return 50 percent of the stolen cryptocurrency in return for him receiving control of the KyberSwap protocol.
In an attempt to launder the proceeds later, prosecutors said, Medjedovic also used “bridge” protocols to transfer cryptocurrency from one blockchain to another through a cryptocurrency “mixer” designed to conceal the source of digital assets. After one bridge protocol froze several of his transactions, Medjedovic agreed to pay more than $80,000 to someone he thought had control of the bridge to circumvent restrictions and release roughly $500,000 in stolen cryptocurrency. That transaction, as will be explained shortly, ultimately led to his undoing.