In an astounding turn of events, a 22-year-old Canadian programmer—Andean “Andy” Medjedovic—legalized millions obtained with a clever script exploiting flaws in DeFi smart contracts. Though U.S. authorities arrested him, charging him with offenses like fraud and hacking, Canadian courts have dropped all charges based on a groundbreaking defense: Code Is Law.
Between 2021 and 2023, Medjedovic targeted two decentralized finance (DeFi) platforms, Indexed Finance and KyberSwap. He used flash loans and orchestrated deceptive trades that manipulated smart contract code to extract approximately US $65 million ($16.5 M from Indexed and $48.8 M from Kyber).
He gained control by abusing unintended behaviors—loopholes within smart contracts that issued payouts based on code-driven conditions.
⚠️ U.S. Authorities Strike
In February 2025, the U.S. Department of Justice indicted Medjedovic in Brooklyn on counts including wire fraud, hacking, money laundering, and extortion, with potential decades in prison. Authorities alleged he used mixers to evade detection and demanded partial returns in exchange for not revealing vulnerabilities.
Despite these serious claims, Medjedovic avoided U.S. custody—Canada never extradited him, citing legal ambiguity.
⚖️ The “Code Is Law” Defense: A Canadian First
In a civil suit filed by Indexed Finance (Cicada 137 LLC), Medjedovic invoked Code Is Law: the idea that if the smart contract allowed it, the action is legitimate. The Ontario Superior Court recognized this principle and ruled:
Meticulously notarized smart contract behavior is treated as a binding, automated agreement—especially when participants explicitly consent by using the platform.
🏛️ Canadian Courts Drop Charges
Despite U.S. pressure, a Canadian judge deemed the exploit lawful: Medjedovic acted within the bounds of code-based rules, with no deceit. His case became a landmark:
Code Is Law recognized in Canadian jurisprudence
Exposed ambiguity between digital innovation and traditional legal frameworks
Demonstrated that loophole exploitation—while controversial—can be lawful within Canadian courts
While critics label it a “hack,” Canadian authorities concluded Medjedovic didn’t break any law—he merely outsmarted the code.
🌐 Why It Matters to Developers
DeFi contracts are automated legal systems—if it’s in the code, it may be fair play.
Smart contract solidity is crucial—small flaws can lead to multimillion-dollar exploits.
Legal clarity needed—jurisdictions must regulate smart contracts to prevent ambiguity.
Role of consent matters—users agree to protocols encoded in smart contracts; this consensus has weight in court.
🎯 Final Takeaway
Medjedovic’s case highlights a new frontier: automation as legal empowerment, not criminality. His exploit challenged norms and forced judicial reevaluation—resulting in acquittal under Canadian law. For developers and investors, it’s a wake-up call: code is law, but only if lawyers, technologists, and regulators all understand the code.