In early 2025, Andean “Andy” Medjedovic, a 22-year‑old Canadian mathematician and former University of Waterloo student, was indicted in the U.S. for exploiting DeFi protocols and allegedly stealing $65 million USD in cryptocurrency. His case sent ripples through tech and finance communities—but notably, major Canadian media remained largely silent.justice.gov+11arstechnica.com+11coindesk.com+11
⚖️ The Allegations
- Medjedovic was accused of exploiting vulnerabilities in the Indexed Finance (2021) and KyberSwap (2023) platforms, using flash-loan techniques to drain approximately $16.5 million and $48.8 million respectively from smart-contract liquidity pools.theblock.co+11arstechnica.com+11cybersecuritynews.com+11
- The U.S. DOJ charged him with wire fraud, hacking, extortion, and money laundering—potentially exposing him to decades in prison.coindesk.com+4justice.gov+4discerningdata.com+4
Despite the dramatic nature of these allegations, Medjedovic remained at large, evading U.S. authorities—and possibly Canadian police—with no confirmed extradition efforts.advisor.ca+11arstechnica.com+11cointelegraph.com+11
🧠 The “Code Is Law” Defense
Medjedovic’s defense centered on the DeFi ethos: “code is law.” He argued that his actions merely followed public smart contract rules—technically permissible by the systems themselves. A Canadian court noted the philosophical significance, stating:
“If a clever person can exploit a loophole in the code … more power to them.”cybersecuritynews.com+10advisor.ca+10cointelegraph.com+10
This legal framing raises urgent questions: If software allows it—and users consent by interacting with it—is exploitation actually illegal?
🛡️ Why Canadian Media Stayed Quiet
While U.S. outlets like Ars Technica, CoinDesk, and Cointelegraph covered the story extensively, it received minimal attention in Canada. Possible reasons:
- Cross-border jurisdictional complexity: Canadian press may have seen it as a U.S. matter.
- Abstract financial crime: Crypto theft isn’t as intuitive as physical crime, making it less newsworthy for mainstream audiences.
- Regulatory uncertainty: Canada’s legal standards on DeFi and smart contracts are still evolving.
This silence underscores a troubling gap—when software developers test boundaries, the public often remains unaware.
📚 Why This Case Matters — For Developers & Investors
- Legal precedent for smart-contract abuse
Medjedovic’s defense hinges on a future court deciding whether exploiting code can be lawful—a landmark issue in emerging-tech law. - Investor caution in DeFi
The incident highlights silent vulnerabilities in automated finance: unseen bugs can cost millions in seconds. - Global enforcement challenges
Without clear extradition or regulation, tech-driven crimes may continue undetected or unpunished on Canadian soil.
💭 Final Thought
Andean Medjedovic’s case remains unresolved—but it stands at the intersection of technology, law, and ethics. While Canadian news media largely brushed past it, developers and investors must pay attention. It’s a test case for the principle “code is law” and a signpost for how well-prepared—or ill-equipped—our systems are to handle the legal ambiguity of tomorrow’s software-driven economy.
📌 For deeper reading:
- Ars Technica: 22‑year‑old math wiz indicted for alleged DeFi hack that stole $65Mjustice.gov+7arstechnica.com+7advisor.ca+7
- Advisor.ca: U.S. charges Canadian for alleged crypto hack—Ontario warrant, “code is law” debateadvisor.ca
- CoinDesk: U.S. prosecutors charge Canadian man in $65M DeFi hacksdiscerningdata.com+11coindesk.com+11ncfacanada.org+11
