Just saw the DOJ unsealed charges against Andean Medjedovic, and honestly, this guy's story is wild. We're talking about a $65 million DeFi hack spread across two protocols, and the backstory is almost as interesting as the crime itself.



So who is this Medjedovic character? Turns out he's not your typical script-kiddie hacker. The guy was a genuine math prodigy. Graduated high school at 14 in Waterloo, Canada, then went straight to the University of Waterloo to study mathematics. For context, that's where Vitalik Buterin went too before he dropped out to work on Ethereum. But Medjedovic? He finished his undergrad in just three years at age 17 and immediately dove into a master's program. One year later, he'd already defended his thesis and was applying for PhDs. A Waterloo math professor told Bloomberg back in 2022 that he'd never seen another student complete their degree that early.

During his studies, Andean Medjedovic developed serious coding chops. He competed regularly in Code4rena, that hacking competition where security researchers hunt for bugs in smart contracts. Won two prizes for finding vulnerabilities. He was also deep into DeFi, especially automated market makers. In an interview, he mentioned how he'd research every new DeFi product that came out and throw money at it if he liked the mechanics.

But here's where it gets darker. According to people who knew him, Medjedovic had real social issues. He was reportedly condescending to people he deemed less intelligent and had this arrogance that rubbed people the wrong way. More concerning: he apparently dabbled in some seriously problematic ideology—eugenics, racist theories, anti-Semitic content. DL News spoke to him in 2023 and said he still "relishes" those statements. Not a good look.

Now let's talk about the actual hacks. October 2021, Andean Medjedovic allegedly pulled off the first major exploit. He targeted Indexed Finance by using borrowed tokens to manipulate the platform's smart contract reindexing process. The way it worked: Indexed Finance adds new tokens to liquidity pools through an automated reindexing mechanism. Medjedovic noticed a "mispricing opportunity" in the code after reading about it on a forum. He saw there was a way to bypass trade limits in the pool.

He spent months writing a script to execute it, and when he finally ran the numbers and confirmed it would work, he went for it. Walked away with $16.5 million in investor tokens from those liquidity pools. True to form, the crypto address he used during the hack included "1488"—Neo-Nazi shorthand—and his code was full of racial slurs. He claimed Indexed Finance had been "out-traded" and invoked "code is law," but the Canadian Superior Court judge didn't buy it. Judge Fred Myers issued an order to freeze the tokens and granted a civil search-and-seizure warrant.

Medjedovic skipped his court hearing on December 21, 2021. The judge told the media it looked like "the young defendant has gone into hiding." According to DL News, he bounced around Europe and South America before landing on some island he wouldn't name. The whole time, he was trying to cash out—using crypto mixers and opening exchange accounts with fake KYC documents.

Then came KyberSwap. This is where things escalated. The $46 million KyberSwap hack went unsolved for a while, but the DOJ's recent indictment finally revealed that Andean Medjedovic was behind it too. This time, he used hundreds of millions in borrowed crypto to create artificial prices in the liquidity pools. He exploited KyberSwap's AMMs with surgical precision, calculating exactly how many tokens he needed to make the system glitch and give him access to nearly $49 million in investor crypto.

But Medjedovic didn't just steal and run. He allegedly tried to extort the protocol developers. His demands? Complete control over critical parts of KyberSwap: the company itself, full temporary authority over KyberDAO (the governance token), all company documents, and all company assets. Basically, he wanted to take over the whole operation in exchange for returning the funds.

According to the DOJ, Medjedovic tried laundering the money through mixers and bridge protocols. One bridge caught on and froze his transactions. Then he allegedly tried to pay an undercover FBI agent posing as a software developer $80,000 to bypass the bridge protocol's restrictions and release about $500,000 in stolen crypto.

The wild part? Andean Medjedovic is still out there. The DOJ indictment was unsealed in early 2024, but he's currently at large. He was already wanted in Canada for failing to show up to court on the Indexed Finance case, so he's got international heat on him. US authorities are working with Dutch law enforcement and other international partners to track him down.

What strikes me about this whole thing is how it shows the intersection of raw technical talent and serious character flaws. Medjedovic had the intellectual firepower to spot vulnerabilities that nobody else saw, but he apparently lacked any ethical guardrails. He went from being a legitimate security researcher in Code4rena to becoming one of the most wanted DeFi hackers in crypto.

It's a cautionary tale for the space. DeFi protocols are still getting hit because there are people smart enough to find the exploits. And sometimes those people aren't motivated by money alone—there's ego, ideology, and a complete disregard for consequences. Until protocols get better at securing their smart contracts and law enforcement gets better at tracking these guys internationally, we're probably going to keep seeing cases like this pop up.