An Ethereum (ETH) address reportedly connected to the perpetrators of the 2021 Indexed Finance exploit and the 2023 KyberSwap attack has sprung back to life after roughly a year of inactivity, reportedly dumping millions in cryptocurrency holdings. On-chain monitoring firm Lookonchain has now reported that the wallet executed a series of transactions within an eight-hour window, offloading tokens valued at more than $2 million at the time of writing.
The transactions included approximately 226,961 UNI tokens (worth around $1.36 million), 33,215 LINK (valued at $410,000), 845,806 CRV (totaling $328,000), and 5.25 YFI (approximately $17,500).
These moves mark the first significant activity from the address since late 2024, raising questions about the intentions behind the sudden liquidation amid ongoing law enforcement scrutiny.
The wallet’s history traces back to two high-profile decentralized finance (DeFi) incidents that collectively drained nearly $65 million from users.
In October 2021, Indexed Finance suffered a sophisticated manipulation of its index pools, resulting in losses of about $16 million through flash loans and pricing distortions.
Two years later, in November 2023, KyberSwap’s Elastic liquidity pools were targeted in a complex attack exploiting calculation flaws, leading to the theft of nearly $49 million across multiple blockchains.
U.S. authorities attribute both exploits to Andean Medjedovic, a 22-year-old Canadian national.
An indictment unsealed in February 2025 by a federal grand jury in the Eastern District of New York accuses him of multiple charges, including wire fraud, unauthorized computer intrusion, attempted extortion, and money laundering.
Prosecutors claim Medjedovic used manipulative trades to exploit smart contract vulnerabilities, laundered proceeds via mixers and cross-chain bridges, and even pressured KyberSwap’s team in a post-attack negotiation attempt.
Despite coordinated efforts by U.S. and international law enforcement agencies, Medjedovic has evaded capture throughout 2025 and remains a fugitive.
The recent wallet activity could potentially provide new leads for investigators tracing illicit funds, as blockchain transactions leave permanent records.
This latest incident now underscores persistent risks in the DeFi sector, where previously dormant exploit-related addresses can suddenly reactivate.
While this past year saw record crypto thefts exceeding $3 billion—largely from centralized platforms—such on-chain movements serve as stark reminders of unresolved cases from prior years.
Authorities continue to monitor related addresses closely.
Investors are now being advised to exercise more caution with such protocols and remain vigilant against potential follow-on effects from historical exploits.
