FRESH

Hacker News

Home

Canadian math prodigy allegedly stole $65M in crypto

276 points by bookmtn

by amit9gupta

17 subcomments

He did not steal anything. He beat the fund (Indexed Finance) at their own game.
He has not stolen anybody's password, has not modified DeFI code - simply executed a set of financial transactions according to the rules (expressed as DeFI smart contracts) and profited from it.
Indexed Finance is an unlicensed investment firm. The promoters knew the risk ( decentralized finance) and now they want to blame someone who outsmarted them at their own game.

by nikhizzle

8 subcomments

So which one is it? Code is contract and he should get to keep the money. Or crypto is governed by laws outside of crypto and so he violated the “spirit” of the code and hence is a criminal?
It seems like right now the crypto industry makes the decision to their convenience on a daily basis.

by cherryteastain

3 subcomments

My personal belief is that this was not fraud and "Code is Law" works. Yet, this guy is a perfect example of how intelligence and wisdom are not the same. He was clearly smart and dedicated enough to pull off this sort of trade successfully multiple times in a row, and probably all he had to do to get away with it was keeping his mouth shut. Or at the very least not get convicted by default on contempt of court charges by ignoring a court summons.

by AlexanderTheGr8

2 subcomments

I followed this case when it happened. It was $16M at the time, not sure how it became $65M now. I suppose it doesn't matter - any number above $100k probably grants the same punishment*
Interesting side-note : the people he took/stole from - they offered him 10% if he returned the rest. He said no in a tweet trolling them.
Contrary to the opinions in this thread, I think he was smart to run away. Remember that he did this from Canada, not the US. Countries don't have the same extradition treaties with Canada that they do with US.
If he had stayed, he would almost certainly be convicted. No court can possibly understand "code is law". Courts' job is only to interpret the law, not make the law. And the law was not written for crypto. You cannot fit a square in a circle without distortion.
What I think would have happened is the courts, rather than introducing novel precedent, would have preferred to just rely on existing case law and declare him a criminal.
Another interesting side-note : the judge presiding the case made a public comment asking the guy to come back to Canada promising him a fair trial. The guy didn't show up - maybe he didn't receive the message.
Overall, even with the benefit of hindsight, we still can't be sure if he was smart to exploit this or not. Forced to live in a few countries but with a lot of money.
* It's because (1) laws were designed when numbers were lower (no one had $16M to steal); (2) humans can't visualize big numbers (individually, $16M is just as big as $65M in my head)

by djeastm

0 subcomment

He made the mistake of not already being wealthy before he manipulated the currencies. It's truly funny reading this when the US stock market is manipulated at will. I'm not trying to be political, just remarking on the absurdity of it all.

by avodonosov

0 subcomment

> a U.S. company named Cicada 137 LLC sued Mr. Medjedovic in Ontario. The identity of the person or people behind the company is unknown, but Cicada said it lost US$9.69-million worth of digital tokens to the exploit. (It’s common for significant investors in cryptocurrency to shield their identities.)
> Mr. Medjedovic left home after receiving death threats
So, crypto-dealers hiding their identiyty and issuing death threats now appeal to law.

by Sonnigeszeug

0 subcomment

Contract is code, you don't need anything anymore. It solves all the problem.
Something happens
We need to use the system which we want to replace...

by prvc

0 subcomment

The entire space of smart contracts falls within the intended functionality of the systems that implement them, which make this particular use of them conceptually unlike things like buffer overflows.
Calling it a "hack" or an "attack" as this article does (while strawmanning the opposite case) is a deliberate attempt to muddy the waters, and is a failure of journalism.

by TrackerFF

1 subcomments

One universal law is that if you steal from people with more money than you, you're screwed. And the more money they have, the worse off you are.
But on a serious note, whenever you read about some people that have either managed to outright steal crypto, or find some vulnerability which hasn't been legality tested...and they just pack their bags, hoping to live life free, forever after. It just seems so naive, too naive with how smart these individuals otherwise tend to be.
I think it is fair to say that once you'll cross a threshold, could be a million. could be 10 million. could be 50 million. All depends on who you've taken it from, you'll realistically be hunted for life.
The people that do get away with these things, are state sponsored operators - but they don't walk away with tens of millions in loot, either.
EDIT: Reading the article, this guy sounds like a real piece of work.

by neuroelectron

1 subcomments

It reminds me of the Sam Bankman-fried case, but it also quite different. SBF thought the abstractions would protect him from the law when he clearly was misleading investors and using code to abstract away his fraud. However, in this case, the code/fraud was presented and used as intended. While I believe SBF was innocent of defrauding his early investors who were foolish to trust such a system, he was guilty for other reasons.
Andean Medjedovic's case shouldn't have even made it to court and he had no obligation to leave his crypto or cashed out legal tender with some "custodian" and spend the next several years of his life as a beta tester for establishing case law. This wasn't just "code is law," more accurately, "under the stipulations of the contract, code is law."

by perdomon

0 subcomment

Based on this article, it doesn't sound like he did anything illegal (initially). He saw an opportunity and took advantage of it not unlike high frequency trading in the late 90s/early 2000s. Decentralized markets operate in a space that's inherently risky -- if they don't want to get exploited, hire better engineers or get out of the game. Begging the government for help when you got bested isn't how decentralization works.

by perihelions

0 subcomment

Previous thread,
https://news.ycombinator.com/item?id=31478795 ("The math prodigy whose hack upended DeFi won’t return funds" (2022) — 399 comments)

by netvarun

0 subcomment

https://archive.is/kVsvc

by danielvf

1 subcomments

My favorite is one of the text files on the attacker's computer:
A file labeled "Decisions and Mistakes," in which he wrote, "Going On the run / Yes / Chance of getting caught<Payoff for not getting caught / (NA) / Risk is typically underpriced in modern world.

by neuroelectron

0 subcomment

"The house always wins," is the law he broke.

by hoppp

0 subcomment

Clever lad but horrible opsec. Sounds to me like Indexed Finance had bad business logic and they had it coming.
There was no break in or exploiting, it was a trade using flash loans, fair enough if you ask me. A platform trading hundreds of millions should invest in proper security audits
What's the lesson? Maybe tornado cash the gas tokens before doing stuff like this and definitely never post it on social media or acknowledge that you did anything. Be smart and have good opsec

by BlackFly

2 subcomments

He should have accepted their offer of 10% as a bug bounty. Certainly crypto folk love to act like unregulated markets but this smells like market manipulation to my armchair education and even if the market tries to play both ways, the courts won't. I do hope that the Ontario court fights the extradition, because the American laws leveled at him seem bogus by Canadian standards (wire fraud, extortion and money laundering) but that tort case might be legit.

by egypturnash

2 subcomments

They are part of the team representing Cicada 137 LLC
I wonder if this is any relation to Cicada 3301. https://en.wikipedia.org/wiki/Cicada_3301

by tempfile

4 subcomments

"Code is Law" is a profoundly immature idea, and I am surprised anyone other than children take it seriously. The law is not, and never has been, something that is read literally and taken at face value. This is the entire reason that judges and lawyers exist.
Saying "The code let me do it, so it should be legal" is a bit like if I leave a "free to a good home" sign on a plant pot outside my home, and it leans on my car. It does not mean you are permitted to take my car, no matter how "obvious" it seems to you that it should.

by concats

0 subcomment

A lot of people seem to argue that the original intent was for disputes to be handled by the courts. That is, governed by laws outside of the crypto's smart contract implementation. And thus the company is right to seek judicial help and label this act as theft. Alright, sure, on its surface that doesn't seem like an unreasonable position. After all, we all trust the courts right?
But, if this really was agreed upon by most of the parties involved, shouldn't the smart contract have include giving the courts a master-key that allows them to override the blockchain when necessary? Undoing fraudulent transactions and such. Can we really argue that everyone expected disputes to be handled by the courts if this wasn't implemented?
There is no technical reason why it couldn't have been done, as far as I can tell. It would not be great for PR perhaps, since it sort of goes against what a lot of the original crypto enthusiasts believed in: decentralization and protection from future hypothetical tyrannical governments. But at least it wouldn't be half as hypocritical as what we have today.
Of course, if you designed your crypto like this, with a court controlled backdoor, you'd unfortunately have to stop calling the whole thing decentralized. But if that's the intent, and everyone agrees to it, what's the issue?
I'm trying not to pass any value judgement on the "Canadian math prodigy" in this scenario, on the whole I don't care much about the isolated incident, but rather on whoever wrote the smart contract trying to both have their cake and eat it too.
I find crypto really fascinating from a technical and philosophical standpoint, but I'm not too fond of how it's been adapted by society as mostly a sort of get-rich-quick scheme.

by sn9

1 subcomments

I'd love to hear Matt Levine's take on this.

by NiloCK

0 subcomment

Some info on the attacks themselves:
https://rekt.news/indexed-finance-rekt https://rekt.news/mango-markets-rekt

by m101

0 subcomment

How this works in traditional finance is that the big funds would screw the small guy that beats them (especially if they're from a foreign country). They claim that they use unfair or illegal practices, but the reality is that they're not that different to their own.
Ultimately the rules are written by people who look legitimate, and/or those who capture regulators.

by Pxtl

0 subcomment

I've been following this story because he's a local boy, I actually met him very briefly once, back when he was just a kid.
The article is skimming over some of the darker sides of his side of the story - like how allegedly his code and conversations are generally peppered with racist rants (I haven't seen any examples of such). The boy seems like a horrible case of internet poisoning - like, a brilliant mathematician child completely mangled in the head by 4chan/gamer discourse.
One part of his first heist that isn't mentioned often is that Indexed Finance says he was actually working with them and contributing to their codebase before he pulled his exploit.

by Jean-Papoulos

0 subcomment

There's a reason the guy is on the run ; it's because what he did is market manipulation and that's illegal.
However, cryptocurrencies are unregulated so you can easily argue that the laws usually governing the markets don't apply. Unfortunately for him, I don't think the judge will want to set that precedent...

by commandersaki

0 subcomment

Similar situation with two brothers that gained millions on Ethereum by coercing bots: https://www.arnoldporter.com/en/perspectives/blogs/enforceme...

0 subcomment

by Xmd5a

0 subcomment

in-depth twitter thread:
https://x.com/cryppinfluence/status/1889268223528538113
This in particular: https://x.com/cryppinfluence/status/1889268417108332733
This is the stuff of legend.

by ThatsAllForNow

0 subcomment

Is there a technical write up of exactly what he did?

by arp242

1 subcomments

Crypto people want a banking system free from government control where no-one has any checks on anything.
And they also want government to act if someone does something they don't like.
The https://indexed.finance page has a big fat "This project is in beta. Use it at your own risk." warning. I guess "use at your own risk" doesn't apply to themselves.
Unserious people.

by casinoplayer0

0 subcomment

For crypto industry it's not a lot, but still... Happening regularly.

by ur-whale

0 subcomment

https://archive.is/kVsvc

by yapyap

0 subcomment

> They are part of the team representing Cicada 137 LLC
That’s a reference I haven’t heard in a bit

by lamadruga

2 subcomments

How do these people get caught? Isn't crypto supposed to be anonymous or something?

by TrapLord_Rhodo

0 subcomment

“The silver lining to all of this is that Trump promised to stop the persecution of crypto people,” Mr. Medjedovic wrote on Signal. “Like, half of the people involved in this resigned/stepped down recently.”
Very interesting that he gives praise to trump after all this hassle from the US government. Why is the US even involved in this? It's a canadian dude and a canadian exchange.

by rimbo789

0 subcomment

Isn’t all crypto theft?

by moktonar

0 subcomment

Placing trust on software is the root of all evil..

by stainablesteel

0 subcomment

the movie about this guy is going to be awesome

by Validark

0 subcomment

How dare some peasant actually win at a game they were meant to lose? That's illegal!

by rozap

2 subcomments

Wait, I thought cryptocurrencies aren't securities? Why are our tax dollars being spent investigating this? If they're not securities (like coinbase etc would like us to believe), then he didn't do anything wrong and there are no other rules - code is law. If they are securities, then why are there so many illegal exchanges operating in plain sight?
Once again, crypto folks are all about decentralization until someone outsmarts them, then they go crying to daddy government to bail them out.

by ForHackernews

0 subcomment

> Not everyone agrees. “Code is not law. Law is law,” Mr. Gottlieb wrote in a lengthy thread to Mr. Medjedovic on X in late October, 2021. “And what you did was not a ‘clever trade.’ It was market manipulation. It’s illegal. And people go to prison for it.
Boy the crypto industry better pray that market manipulation isn't illegal in DeFi-world or they're all going to prison.

by Calwestjobs

0 subcomment

he is in france territory which is not french Guiana.

by bogota

0 subcomment

O look another amazing and riveting discussion on emerging technology with real world implications… o wait it’s just a bunch of cranky people complaining about crypto.

by baq

0 subcomment

Just another day of crypto bros speedrunning finance.

by tlogan

2 subcomments

Code is not law. Law is law.

by aaroninsf

0 subcomment

tHe FuTurE oF fInAnCe, entry no. 61,384

by kazinator

1 subcomments

You can't "steal" crypto; it's all just a scam that operates outside of the law.
I mean, sure, we can use the language of theft and crime figuratively, just like when we talk about animals. For instance, "the wolf stole a chicken from the coop".

by tyreu

0 subcomment

[dead]

by waltfieger89

0 subcomment

[dead]

by glass1122

0 subcomment

[dead]