Teenage Suspect in $16M DeFi Hack Wanted for Arrest in Canada

In a possible DeFi first, Canadian law enforcement is now looking to track down a suspected hacker.

AccessTimeIconDec 22, 2021 at 8:41 p.m. UTC
Updated Dec 23, 2021 at 12:42 a.m. UTC
Consensus 2023 Logo
Join the most important conversation in crypto and Web3 taking place in Austin, Texas, April 26-28.

Andrew Thurman was a tech reporter at CoinDesk with a focus on DeFi.

Consensus 2023 Logo
Join the most important conversation in crypto and Web3 taking place in Austin, Texas, April 26-28.

A Canadian teen math prodigy who allegedly swiped $16 million in an exploit of a decentralized finance (DeFi) protocol in October swore on Twitter to “fight to the death” in a legal “duel” over whether or not he should be permitted to keep the funds.

Trouble is, he hasn’t shown up in court.

On Wednesday a warrant was issued for 19-year-old Andean “Andy” Medjedovic to appear before an Ontario court. The warrant comes following Medjedovic’s failure to appear at an in-person hearing on Tuesday, though people familiar with the matter say he appeared at a virtual hearing last Friday.

In October, Medjedovic allegedly used flash loans to drain funds from Indexed Finance, a decentralized finance (DeFi) protocol offering index fund-style structured products. Following an investigation from a “war room” of industry experts, the affected team managed to uncover his identity.

Unlike in other high-profile exploits where the attacker was “doxxed,” however, Medjedovic refused to return the funds and claimed on Twitter he was prepared to defend “code is law” – an unofficial DeFi ethos that holds that any activities technically permitted by smart contracts are not just immutable, but also legally and ethically permissible – in court.

In an interview with CoinDesk this week, Indexed core contributors Laurence Day and Dillon Kellar said the Tuesday hearing was in regards to a court-ordered freeze on the assets in question, also known as a Mareva injunction, and a receivership order, which would transfer the assets to a third-party custodian for the duration of legal proceedings.

According to Day, the Mareva injunction was filed to prevent Medjedovic from moving the pilfered crypto to Tornado Cash or a similar mixing service.

However, following his failure to appear, Medjedovic may now be making history as the first DeFi hacker to be actively pursued by law enforcement.


A number of lawyers who spoke to CoinDesk in October said that Medjedovic’s “code is law” argument was unlikely to hold up under legal scrutiny.

To date, law enforcement has rarely gotten involved in hacks and exploits, in part because identifying culprits is near-impossible when attackers use the right tools to cover their tracks.

The sector is often compared to a financial “Wild West” where, in the absence of legal authorities and enforceable laws, self-regulation and the goodwill of “white hat” hackers are all that can help prevent exploits.

This legal void has led to a prevalent mindset that DeFi is effectively outside the reach of the legal system, and the only rules of the road are those encoded on-chain – “code is law,” often derisively referred to as “codeslaw.”

Day, however, argues that the hack was simple fraud. According to filings posted by Day and prepared in collaboration with the Canadian law firm Stockwoods, in addition to the Mareva injunction, Indexed developers are filing a class action suit arguing that the exploit was “civil fraud” and are seeking “rescission for misrepresentation or mistake, and/or unjust enrichment.”

Far from being a quirk in the code, Day and Kellar argue, the exploit relied on malicious intent and custom-built contracts that manipulated Indexed’s internal markets, creating the conditions that Medjedovic could exploit.

“The attack was not some simple accounting error waiting to misprice tokens – it had to be deliberately manipulated through a complex series of actions in order to create the circumstances under which assets could be taken at a below-market price,” said Kellar.

Legal precedent

A number of legal experts have expressed concern on social media that the looming case could inadvertently lead to an expansion of law enforcement powers, particularly in regards to fraud involving computers.

In a Twitter thread Wednesday, Day wrote that both he and Kellar are aware of the precedent that filing the suit could create and that they hired lawyers who would seek a resolution to the case they hoped would be “respectful” to the space in Stockwoods.

Kellar told CoinDesk that, despite the delays, battling out “code is law” in a court of law is ultimately just a matter of time.

“I think Andean will either get tired, show up to court and transfer the assets to the custodian, or be caught by the Canadian police,” he said. “Either way, we’ll all get our day in court and he’ll have a chance to make his defense.”


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

CoinDesk - Unknown

Andrew Thurman was a tech reporter at CoinDesk with a focus on DeFi.

Learn more about Consensus 2023, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.

CoinDesk - Unknown

Andrew Thurman was a tech reporter at CoinDesk with a focus on DeFi.

Read more about