For four years, Medjedovic’s whereabouts have largely been a mystery to the public. Online speculation had been fuelled by his own statements to journalists, who reported his mentions of South America, unnamed islands and a jail “somewhere in Europe.”
Since disappearing in late 2021, according to statements made during the Serbian proceedings, he has travelled to Brazil, Dubai, Spain and elsewhere in Europe.
“He may be able to live large,” said Kyle Armstrong, a former FBI agent who works at blockchain intelligence firm TRM Labs. “However, to pay your rent, to buy a car, to travel, there’s not many places that are willing to accept cryptocurrency.”
Nevertheless, Armstrong added, “there are certain ways that if he has obfuscated his trail thus far, he may have cashed out some of his millions of dollars”.
Medjedovic is known in the realm of cryptocurrency for allegedly using his mathematical and computer programming prowess to drain millions of dollars from two crypto trading platforms, but also for engaging with victims and online observers in ways that buck the trend of crypto hackers, who often use the technology’s relative anonymity to quietly disappear with their spoils.
Shortly after millions in crypto were extracted from Vietnam-based KyberSwap, an exploit attributed to Medjedovic by American and Dutch authorities, the then unidentified attacker sent a publicly visible message to the firm: “Negotiations will start in a few hours when I am fully rested. Thank you.”
KyberSwap offered a 10 per cent bug bounty, a common practice in incidents such as this, where the perpetrator is asked to give back some portion of the crypto and in return is able to walk away consequence-free.
“He rejected that out of hand,” said TRM’s Armstrong.
Instead, the attacker demanded they be given complete control of the Kyber platform and offered to return 50 per cent to investors who had lost funds.
“I know this is probably less than what you wanted. However, it is also more than you deserve,” the attacker wrote.
“It was a ransom note,” Armstrong said, adding that this was the basis for the extortion charge against Medjedovic levelled by the US Department of Justice in an indictment unsealed in early 2025.
The 2023 KyberSwap hack was executed from a hotel in The Hague that Medjedovic checked into using a fake Slovak passport, Dutch prosecutors say.
He “suddenly” departed the hotel the morning after the hack took place, they said, despite having already paid for the following month. By that point, he had been on the run for two years.
In late 2021, an Ontario judge issued a bench warrant for his arrest after he failed to participate in a civil case launched by an investor in a crypto platform called Indexed Finance that lost $16 million US.
The US Department of Justice said that Medjedovic “used similar means” to exploit both Kyber and Indexed. Both relied on hundreds of millions of dollars in borrowed funds that were used to execute trades and misrepresent the supply and demand of certain cryptocurrencies. Confused by the flurry of trading activity, the platforms allowed millions of dollars in assets to be purchased for next to nothing.
“So instead of his dollar-for-dollar exchange, he exchanges one dollar for many dollars worth of assets,” Armstrong said.
Contacted by BIRN and the fifth estate via email, Medjedovic replied: “I have only one defence to the allegations: ‘I’m a racist.’ Please include that, that’s all, thanks.”
Buried in computer code used to pull off the Indexed and KyberSwap attacks is a racist term for Black people, as well as a reference to sexual assault. A cryptocurrency address connected to Medjedovic also contains a well-known neo-Nazi symbol.
Regarding his arrest in Serbia and the Dutch extradition request, Medjedovic told the Higher Court of Belgrade: “I deny all the accusations that are stated in the extradition request and I do not wish to go to the Netherlands,” adding that “I would like to have children in Serbia and to achieve some more things here.”
