Headline: Dormant hacker wallet tied to Indexed Finance and KyberSwap resurfaces, liquidates $2M+ in tokens
A previously inactive Ethereum wallet linked to the Indexed Finance (2021) and KyberSwap (2023) exploits sprang back to life after roughly a year and dumped more than $2 million in crypto, according to on-chain sleuth Lookonchain.
What moved
Lookonchain flagged address 0x3EBF on X (formerly Twitter) after the wallet sold large holdings in a single burst. Blockchain records show the sales included:
- 226,961 UNI — about $1.36 million
- 33,215 LINK — about $410,000
- 845,806 CRV — about $328,000
- ~5.25 YFI — about $17,500
Smaller token balances were also reduced.
Why this wallet matters
The address has been tied to funds stolen during two high-profile DeFi incidents:
- Indexed Finance (2021): Manipulation of index pools via flash loans and price exploits cost the protocol roughly $16.5 million. At the time the exploiter argued the trades followed smart-contract rules.
- KyberSwap (November 2023): Elastic liquidity pools were drained across chains for nearly $49 million by exploiting how liquidity positions were calculated. After the attack the exploiter allegedly attempted to extort KyberSwap, asking for control in exchange for returning some funds.
Legal developments and attribution
U.S. authorities unsealed an indictment in February 2025 naming 22-year-old Canadian Andean Medjedovic as the suspect behind both attacks. Prosecutors say he laundered proceeds through mixers and cross-chain bridges and pressed KyberSwap’s team after the exploit. Medjedovic remains at large.
The bigger picture — crypto theft in 2025
Chainalysis full-year estimates show 2025 was a record year for crypto theft, with total losses between $2.7 billion and $3.4 billion. Notable trends and incidents:
- Most losses were linked to centralized platforms, a shift from earlier cycles that were dominated by DeFi exploits.
- Over $2 billion (roughly 60% of the total) was connected to entities tied to North Korea.
- Largest single incidents included the $1.5 billion Bybit breach in February, Cetus DEX ($223 million), and Balancer ($128 million).
- Individual wallet compromises surged to 158,000 incidents, though average loss per victim decreased.
Why it matters
Dormant “sleeping” wallets resurfacing to liquidate stolen assets are a recurring problem for blockchain forensics and victims trying to recover funds. Moves like this one often prompt renewed tracing efforts by analytics firms and can pressure exchanges and mixers to freeze or flag incoming funds — if they can be linked in time.
Sources: Lookonchain on X; Chainalysis; public indictments and on-chain transaction records.
Read more AI-generated news on: undefined/news
