Teenage Suspect in $16M DeFi Hack Wanted for Arrest in Canada

In a possible DeFi first, Canadian law enforcement is now looking to track down a suspected hacker.

Dec 22, 2021 at 8:41 p.m. UTC
Updated May 11, 2023 at 5:04 p.m. UTC

A Canadian teen math prodigy who allegedly swiped $16 million in an exploit of a decentralized finance (DeFi) protocol in October swore on Twitter to “fight to the death” in a legal “duel” over whether or not he should be permitted to keep the funds.

Trouble is, he hasn’t shown up in court.

On Wednesday a warrant was issued for 19-year-old Andean “Andy” Medjedovic to appear before an Ontario court. The warrant comes following Medjedovic’s failure to appear at an in-person hearing on Tuesday, though people familiar with the matter say he appeared at a virtual hearing last Friday.

In October, Medjedovic allegedly used flash loans to drain funds from Indexed Finance, a decentralized finance (DeFi) protocol offering index fund-style structured products. Following an investigation from a “war room” of industry experts, the affected team managed to uncover his identity.

Unlike in other high-profile exploits where the attacker was “doxxed,” however, Medjedovic refused to return the funds and claimed on Twitter he was prepared to defend “code is law” – an unofficial DeFi ethos that holds that any activities technically permitted by smart contracts are not just immutable, but also legally and ethically permissible – in court.

In an interview with CoinDesk this week, Indexed core contributors Laurence Day and Dillon Kellar said the Tuesday hearing concerned a court-ordered freeze on the assets in question, also known as a Mareva injunction, and a receivership order, which would transfer the assets to a third-party custodian for the duration of legal proceedings.

According to Day, the Mareva injunction was filed to prevent Medjedovic from moving the pilfered crypto to Tornado Cash or a similar mixing service.

However, following his failure to appear, Medjedovic may now be making history as the first DeFi hacker to be actively pursued by law enforcement.


A number of lawyers who spoke to CoinDesk in October said that Medjedovic’s “code is law” argument was unlikely to hold up under legal scrutiny.

To date, law enforcement has rarely gotten involved in hacks and exploits, in part because identifying culprits is near-impossible when attackers use the right tools to cover their tracks.

The sector is often compared to a financial “Wild West” where, in the absence of legal authorities and enforceable laws, self-regulation and the goodwill of “white hat” hackers are all that can help prevent exploits.

This legal void has led to a prevalent mindset that DeFi is effectively outside the reach of the legal system, and the only rules of the road are those encoded on-chain – “code is law,” often derisively referred to as “codeslaw.”

Day, however, argues that the hack was simple fraud. According to filings posted by Day and prepared in collaboration with the Canadian law firm Stockwoods, in addition to the Mareva injunction, Indexed developers are filing a class action suit arguing that the exploit was “civil fraud” and are seeking “rescission for misrepresentation or mistake, and/or unjust enrichment.”

Far from being a quirk in the code, Day and Kellar argue, the exploit relied on malicious intent and custom-built contracts that manipulated Indexed’s internal markets, creating the conditions that Medjedovic could exploit.

“The attack was not some simple accounting error waiting to misprice tokens – it had to be deliberately manipulated through a complex series of actions in order to create the circumstances under which assets could be taken at a below-market price,” said Kellar.

Legal precedent

A number of legal experts have expressed concern on social media that the looming case could inadvertently lead to an expansion of law enforcement powers, particularly with regard to fraud involving computers.

In a Twitter thread Wednesday, Day wrote that both he and Kellar are aware of the precedent that filing the suit could create and that, in Stockwoods, they hired lawyers who would seek a resolution to the case that they hoped would be “respectful” to the space.

Kellar told CoinDesk that, despite the delays, battling out “code is law” in a court of law is ultimately just a matter of time.

“I think Andean will either get tired, show up to court and transfer the assets to the custodian, or be caught by the Canadian police,” he said. “Either way, we’ll all get our day in court and he’ll have a chance to make his defense.”



CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Andrew Thurman

Andrew Thurman was a tech reporter at CoinDesk with a focus on DeFi.
