CoinLaw

Bringing Crypto & Finance Closer to You

Subscribe To Our Newsletter

Exploiter Behind $65M DeFi Hacks Resurfaces with $2M Token Selloff

Updated on: December 30, 2025
As Featured In
FortuneYahoo! FinanceCoinDeskSeeking AlphaCoin Market Cap

A dormant wallet linked to the major hacks of Indexed Finance and KyberSwap has suddenly come alive, unloading over $2 million worth of crypto assets after nearly a year of silence.

Key Takeaways

  • A wallet tied to past DeFi exploits dumped $2 million in tokens including UNI, LINK, CRV, and YFI.
  • The address is connected to Andean Medjedovic, a Canadian indicted for hacks on Indexed Finance and KyberSwap totaling $65 million.
  • US authorities unsealed charges in February 2025, but Medjedovic remains at large.
  • 2025 was a record year for crypto theft, with over $3 billion stolen, mostly from centralized exchanges.

What Happened?

On December 30, an Ethereum wallet long associated with DeFi exploits became active after a year of dormancy. According to blockchain data shared by Lookonchain, the wallet offloaded more than $2 million in crypto tokens in just eight hours, reviving fears around cybercrime in decentralized finance.

Wallet Dump Linked to High-Profile Hacks

The wallet, identified as 0x3EBF, had been silent for about a year before suddenly selling off a large volume of tokens, including:

  • 226,961 UNI (Uniswap) worth around $1.36 million.
  • 33,215 LINK (Chainlink) valued at $410,000.
  • 845,806 CRV (Curve) worth about $328,000.
  • Over 5 YFI (yearn.finance) tokens totaling $17,500.

Smaller balances of other tokens were also moved, though not in significant quantities. The wallet’s resurgence is concerning, as it has been publicly tied to two of the biggest DeFi hacks in recent years: the 2021 Indexed Finance exploit and the 2023 KyberSwap attack.

In both cases, the attacker exploited vulnerabilities in smart contracts. The Indexed Finance breach cost around $16.5 million, where flash loans and price manipulation were used to siphon funds. The KyberSwap exploit in November 2023 was even larger, draining about $49 million from the protocol’s Elastic liquidity pools across several chains. The attacker behind KyberSwap even attempted to extort the project’s team, demanding governance control in exchange for partial fund recovery.

Indictment Unsealed in 2025

In February 2025, US federal prosecutors unsealed a grand jury indictment in the Eastern District of New York against 22-year-old Canadian national Andean Medjedovic. The indictment charges him with wire fraud, computer intrusion, extortion, and money laundering related to both DeFi breaches.

Authorities allege that Medjedovic used crypto mixers and cross-chain bridges to hide the origin of stolen funds and evade detection. Despite coordinated efforts by international law enforcement, Medjedovic remains at large.

Newsletter Img
Don't chase the news. Let us curate it.

You get one weekly briefing with only the stories that matter. If the market is quiet, we skip it.

Record-Breaking Year for Crypto Theft

The wallet activity comes during a year already marked by record-setting crypto crime. According to Chainalysis and other industry sources:

  • Crypto thefts in 2025 totaled between $2.7 billion and $3.4 billion.
  • More than 60 percent of these losses came from centralized platforms.
  • North Korea-linked organizations were tied to over $2 billion in thefts.
  • The largest incident was the $1.5 billion Bybit breach in February.
  • Other major hits included Cetus DEX ($223 million) and Balancer ($128 million).

Interestingly, although the number of individual wallet compromises surged to 158,000, the average loss per victim actually dropped, reflecting better personal security practices but worsening systemic vulnerabilities.

CoinLaw’s Takeaway

To me, this case is a perfect reminder of how DeFi exploits don’t just disappear after headlines fade. The attacker may go quiet, but the stolen assets can remain untouched for months or even years before being dumped. I found it particularly troubling that despite an indictment and public identification, Medjedovic is still out there and possibly in control of these funds. In my experience covering crypto crime, the pattern is clear: blockchain activity always leaves a trail, and resurfacing like this only increases the chances of eventual capture. But until then, this event puts a spotlight on the urgent need for smarter contract audits and global enforcement collaboration.

Add CoinLaw as a Preferred Source on Google for instant updates! Follow on Google News
Kelvin Scott

Kelvin Scott

Finance News Analyst

Kelvin Scott, with over 8 years of experience, covers the latest trends in digital assets, financial markets, and regulatory developments. With a strong focus on accuracy and clarity, he delivers timely updates to help readers navigate the fast-changing world of crypto and finance. An avid football fan, he never misses a chance to watch a good match, whether it’s Premier League drama or a local game.

Disclaimer:Β The content published on CoinLaw is intended solely for informational and educational purposes. It does not constitute financial, legal, or investment advice, nor does it reflect the views or recommendations of CoinLaw regarding the buying, selling, or holding of any assets. All investments carry risk, and you should conduct your own research or consult with a qualified advisor before making any financial decisions. You use the information on this website entirely at your own risk.

Related Posts

Reader Interactions

Leave a Comment

Company
Discover
Categories
Cryptocurrency
Payments
Finance
Banking
Insurance
Categories
Cryptocurrency
Investments
Compliance
Fintech
Finance