A wallet associated with two major DeFi protocol hacks suddenly became active and sold crypto assets worth over $2 million within eight hours. According to on-chain analytics firm Lookonchain, the wallet transferred UNI, LINK, CRV, and YFI tokens—ending about a year of inactivity. Meanwhile, US prosecutors continue the international search for Andean Medjedovic, accused of stealing approximately $65 million from the two protocols.
Hacker Attacks on Indexed Finance and KyberSwap
This concerns two well-known incidents in the DeFi ecosystem: the 2021 Indexed Finance hack and the 2023 KyberSwap exploit. Both events are linked by traces leading to the same wallet address, with total damages related to charges against the suspect estimated at around $65 million.
$2 Million Cryptocurrency Sale
On-chain analysis revealed that the address conducted a series of sales of UNI, LINK, CRV, and YFI tokens during an intense eight-hour window. The total volume of cryptocurrency sold exceeded $2 million, following nearly a year of dormancy. This sequence provides new transactional data that could help trace further fund movements.
Investigation and the Role of Andean Medjedovic
US prosecutors have named Canadian Andean Medjedovic as a suspect connected to both incidents, charging him with theft and money laundering. As of early 2025, Medjedovic remains at large, with international investigations ongoing. Analysts, including the Lookonchain team, have tracked the movement of the four mentioned tokens from the suspicious wallet, offering additional leads for the inquiry.
Implications for DeFi Security
This series of events illustrates the known "delay and disperse" tactic, where stolen funds remain dormant for a period before partial transfers occur. The blockchain’s transparency makes such movements visible to analysts and law enforcement, so each new transaction adds data for investigations. Consequently, discussions about protocol security refocus on the importance of monitoring and rapid protective measures to safeguard user funds.
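The dormancy-then-burst pattern described above can be checked mechanically over a transfer feed. The following Python is an added example, not code from Lookonchain or from this article; the addresses and transfers are constructed, and the thresholds (300 days dormant, $2 million moved within eight hours) are assumptions chosen to mirror the figures reported here.

```python
from datetime import datetime, timedelta

# Constructed sample transfers, not real chain data:
# (ISO timestamp, sender address placeholder, token, USD value)
SAMPLE_TRANSFERS = [
    ("2024-02-01T00:00:00", "0xDORMANT_EXAMPLE", "UNI", 10_000),
    ("2025-01-20T02:00:00", "0xDORMANT_EXAMPLE", "UNI", 600_000),
    ("2025-01-20T04:30:00", "0xDORMANT_EXAMPLE", "LINK", 550_000),
    ("2025-01-20T07:00:00", "0xDORMANT_EXAMPLE", "CRV", 450_000),
    ("2025-01-20T09:30:00", "0xDORMANT_EXAMPLE", "YFI", 500_000),
    # Active trader: large volume but never dormant, so no alert.
    ("2025-01-10T10:00:00", "0xACTIVE_EXAMPLE", "UNI", 900_000),
    ("2025-01-19T10:00:00", "0xACTIVE_EXAMPLE", "UNI", 1_500_000),
    ("2025-01-19T12:00:00", "0xACTIVE_EXAMPLE", "LINK", 1_200_000),
    # Dormant wallet that wakes for a small transfer: below the USD threshold.
    ("2023-12-01T00:00:00", "0xSMALL_EXAMPLE", "CRV", 5_000),
    ("2025-01-05T00:00:00", "0xSMALL_EXAMPLE", "CRV", 50_000),
]

def find_reactivation_bursts(transfers,
                             dormancy=timedelta(days=300),  # assumed threshold
                             window=timedelta(hours=8),
                             min_usd=2_000_000):
    """Flag senders that wake after `dormancy` and move >= min_usd within `window`."""
    by_sender = {}
    for ts, sender, token, usd in sorted(transfers):
        by_sender.setdefault(sender, []).append(
            (datetime.fromisoformat(ts), token, usd))
    alerts = []
    for sender, rows in by_sender.items():
        for i in range(1, len(rows)):
            wake = rows[i][0]
            gap = wake - rows[i - 1][0]
            if gap < dormancy:
                continue  # not a reactivation after long inactivity
            # Everything sent from the wake-up transfer until the window closes.
            burst = [r for r in rows[i:] if r[0] - wake <= window]
            total = sum(r[2] for r in burst)
            if total >= min_usd:
                alerts.append({
                    "sender": sender,
                    "dormant_days": gap.days,
                    "burst_start": wake.isoformat(),
                    "tokens": sorted({r[1] for r in burst}),
                    "total_usd": total,
                })
    return alerts

if __name__ == "__main__":
    for alert in find_reactivation_bursts(SAMPLE_TRANSFERS):
        print(alert)
```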
Why This Matters
If you are a miner operating 1–1000 devices in Russia, this news has little direct impact on your daily work: it involves theft and subsequent token sales, not mining issues per se. However, the case reminds us that DeFi attacks leave long-lasting traces on the blockchain, and transaction analytics can detect suspicious activity that may later affect token liquidity or trust.
What to Do?
- Stay updated with news and on-chain analytics about tokens you hold or accept; timely information helps assess risks.
- Keep funds and keys in secure wallets and, if possible, distribute assets across multiple addresses to reduce the risk of large losses.
- Use trusted software, update device firmware regularly, and verify contracts and liquidity sources when interacting with DeFi.
- If you notice suspicious addresses or incoming transfers from known compromised wallets, avoid interaction and save logs for potential support or law enforcement reports.