An Ethereum wallet address (0x3EBF) linked to two major decentralized finance (DeFi) exploits—the 2021 Indexed Finance hack and the 2023 KyberSwap attack—has resurfaced after approximately one year of dormancy, liquidating over $2 million in cryptocurrency assets. According to on-chain analytics firm Lookonchain, the wallet executed a burst of activity on December 30, 2025, selling large quantities of prominent DeFi tokens.
The wallet sold approximately 226,961 UNI (worth ~$1.36 million), 33,215 LINK (~$410,000), 845,806 CRV (~$328,000), and just over 5 YFI (~$17,500). This activity provides a fresh digital trail for investigators who have been pursuing the individual behind the attacks.
The wallet is associated with funds stolen from two significant incidents. The Indexed Finance exploit in October 2021 resulted in a loss of around $16.5 million after attackers manipulated the protocol's index pools using flash loans. The KyberSwap attack in November 2023 was far larger, draining nearly $49 million from its Elastic liquidity pools across several chains by exploiting a flaw in liquidity position calculations. The combined estimated loss from both hacks is approximately $65 million.
U.S. authorities have identified a suspect in the case. In February 2025, prosecutors unsealed an indictment accusing 22-year-old Canadian national Andean Medjedovic of carrying out both attacks. The indictment alleges Medjedovic laundered stolen funds through mixers and cross-chain bridges and attempted to extort the KyberSwap team following the 2023 exploit. He remains a fugitive at large.
This wallet activity underscores the persistent challenge of crypto-related theft and the long memory of blockchain forensics. The sale fits a common "delay and disperse" tactic, where hackers let stolen funds sit idle to avoid immediate tracking before attempting to liquidate. Security experts note that while such sales create new forensic data points, converting large sums of illicit crypto into spendable fiat currency remains difficult due to compliance software on centralized exchanges that flag deposits from known malicious addresses.
The incident occurs in a record-breaking year for crypto theft. Industry estimates from firms like Chainalysis indicate total losses in 2025 ranged between $2.7 billion and $3.4 billion, with a significant shift toward centralized exchange hacks dominating the landscape, unlike previous cycles where DeFi exploits were primary. Over $2 billion of the year's thefts have been attributed to entities with ties to North Korea.
