coinfomania.com
Fresh on-chain activity has brought the Kyber Network exploit back into focus. Blockchain tracking shows the KyberSwap Hacker is once again moving funds. This time, sending large amounts of $ETH into Tornado Cash. The attacker, identified as Andean Medjedovic, was behind the $48.8 million KyberSwap hack in 2023. Despite past legal action, recent transfers suggest the case is far from over.
Funds Move Again After Months of Silence
New data from Arkham shows a clear pattern. The KyberSwap hacker has started transferring funds in batches of 100 $ETH. These transactions were sent directly to Tornado Cash, a tool often used to obscure transaction history. Several transfers happened within hours.
据 Arkham 监测,Kyber Network 攻击者正将盗取的资金转移至混币协议 Tornado Cash。该攻击者身份已确认为 Andean Medjedovic,他于 2023 年底从 KyberSwap 窃取了 4880 万美元。此外,Medjedovic 还在两年前策划了对 Indexed Finance 的攻击,导致 1650 万美元损失。2025…
— 吴说区块链 (@wublockchain12) April 29, 2026
Each one followed a similar structure. This suggests a planned effort rather than random movement. The wallet linked to the attacker still holds around $29 million in assets. This means a large portion of the stolen funds remains active. For investigators, this kind of movement is a red flag. It often signals an attempt to break the trace between stolen funds and their origin.
Who Is Behind the KyberSwap Attack
Authorities have already linked the attack to Andean Medjedovic. He is a Canadian national known for exploiting DeFi platforms. In late 2023, he drained $48.8 million from KyberSwap. Before that, he was involved in a 2021 attack on Indexed Finance. That caused $16.5 million in losses. In 2025, U.S. authorities filed charges against him. The Federal Bureau of Investigation accused him of exploiting smart contracts and attempting extortion. Despite this, reports suggest he has avoided full custody. Now, with funds moving again, the situation has become more urgent.
Why Tornado Cash Matters Here
Tornado Cash plays a key role in this story. It is a privacy tool designed to mix crypto funds. This makes it harder to track where assets come from and where they go next. While the tool has legitimate uses, it is often linked to hacks and laundering cases. In this situation, its use raises concerns about recovery chances. Once funds pass through a mixer, tracing them becomes much harder. This limits the ability of exchanges or authorities to freeze assets. That is why these recent transfers matter. They may reduce the chances of recovering the stolen funds.
A Reminder of DeFi’s Ongoing Risks
This case highlights a bigger issue in decentralized finance. Even after hacks are identified and suspects are charged, funds can still move. Protocols like Kyber Network have improved security since the attack. However, the risk of smart contract exploits remains. While tools like Tornado Cash continue to challenge enforcement efforts. They create a gap between blockchain transparency and real-world accountability. For users, the lesson is simple. DeFi offers innovation but it also carries risk. As this case shows, even years later, the impact of a single exploit can continue to unfold.