A dormant wallet linked to the major hacks of Indexed Finance and KyberSwap has suddenly come alive, unloading over $2 million worth of crypto assets after nearly a year of silence.
Key Takeaways
- A wallet tied to past DeFi exploits dumped $2 million in tokens including UNI, LINK, CRV, and YFI.
- The address is connected to Andean Medjedovic, a Canadian indicted for hacks on Indexed Finance and KyberSwap totaling $65 million.
- US authorities unsealed charges in February 2025, but Medjedovic remains at large.
- 2025 was a record year for crypto theft, with over $3 billion stolen, mostly from centralized exchanges.
What Happened?
On December 30, an Ethereum wallet long associated with DeFi exploits became active after a year of dormancy. According to blockchain data shared by Lookonchain, the wallet offloaded more than $2 million in crypto tokens in just eight hours, reviving fears around cybercrime in decentralized finance.
The wallet(0x3EBF) linked to Indexed Finance and Kyber Network Exploiter resumed activity after 1 year of dormancy, dumping:
— Lookonchain (@lookonchain) December 30, 2025
226,961 $UNI($1.36M)
33,215 $LINK($410K)
845,806 $CRV($328K)
5.25 $YFI($17.5K)https://t.co/2kniLaUA6J pic.twitter.com/uW4JAD44z1
Wallet Dump Linked to High-Profile Hacks
The wallet, identified as 0x3EBF, had been silent for about a year before suddenly selling off a large volume of tokens, including:
- 226,961 UNI (Uniswap) worth around $1.36 million.
- 33,215 LINK (Chainlink) valued at $410,000.
- 845,806 CRV (Curve) worth about $328,000.
- Over 5 YFI (yearn.finance) tokens totaling $17,500.
Smaller balances of other tokens were also moved, though not in significant quantities. The wallet’s resurgence is concerning, as it has been publicly tied to two of the biggest DeFi hacks in recent years: the 2021 Indexed Finance exploit and the 2023 KyberSwap attack.
In both cases, the attacker exploited vulnerabilities in smart contracts. The Indexed Finance breach cost around $16.5 million, where flash loans and price manipulation were used to siphon funds. The KyberSwap exploit in November 2023 was even larger, draining about $49 million from the protocol’s Elastic liquidity pools across several chains. The attacker behind KyberSwap even attempted to extort the project’s team, demanding governance control in exchange for partial fund recovery.
Indictment Unsealed in 2025
In February 2025, US federal prosecutors unsealed a grand jury indictment in the Eastern District of New York against 22-year-old Canadian national Andean Medjedovic. The indictment charges him with wire fraud, computer intrusion, extortion, and money laundering related to both DeFi breaches.
Authorities allege that Medjedovic used crypto mixers and cross-chain bridges to hide the origin of stolen funds and evade detection. Despite coordinated efforts by international law enforcement, Medjedovic remains at large.
Record-Breaking Year for Crypto Theft
The wallet activity comes during a year already marked by record-setting crypto crime. According to Chainalysis and other industry sources:
- Crypto thefts in 2025 totaled between $2.7 billion and $3.4 billion.
- More than 60 percent of these losses came from centralized platforms.
- North Korea-linked organizations were tied to over $2 billion in thefts.
- The largest incident was the $1.5 billion Bybit breach in February.
- Other major hits included Cetus DEX ($223 million) and Balancer ($128 million).
Interestingly, although the number of individual wallet compromises surged to 158,000, the average loss per victim actually dropped, reflecting better personal security practices but worsening systemic vulnerabilities.
CoinLaw’s Takeaway
To me, this case is a perfect reminder of how DeFi exploits don’t just disappear after headlines fade. The attacker may go quiet, but the stolen assets can remain untouched for months or even years before being dumped. I found it particularly troubling that despite an indictment and public identification, Medjedovic is still out there and possibly in control of these funds. In my experience covering crypto crime, the pattern is clear: blockchain activity always leaves a trail, and resurfacing like this only increases the chances of eventual capture. But until then, this event puts a spotlight on the urgent need for smarter contract audits and global enforcement collaboration.
