Skip to content
- US authorities seized $31 million in crypto linked to the 2021 Uranium Finance hack, marking a major recovery effort in DeFi-related cybercrime.
- The exploit originally drained $50 million from the BNB Chain-based AMM due to a vulnerability in its v2 smart contract.
- The case highlights ongoing security risks in DeFi and the need for stronger smart contract protections and governance.
US authorities seized $31 million of cryptocurrency linked to the April 2021 hack of the collapsed DeFi project known as Uranium Finance. The recovery constitutes a major step toward resolving one of the most notorious DeFi hacks, during which hackers stole millions of dollars from the project based on a critical vulnerability.
The hacking was a collaborative operation of the US Attorney’s Office of the Southern District of New York and the San Diego field office of the Department of Homeland Security Investigations in California. Prosecutors announced the development in a Feb. 24 post on X (formerly Twitter) but did not identify the hackers. The authorities welcomed the victims of the hack to report it and the probability of an attempt at restitution.
Turanium Finance was an automated market maker (AMM) built on the BNB Chain, which had been forked from Uniswap and had been live since 1 April 2021. Weeks later, however, it was hacked on 28 April 2021 with a v2 smart contract of Uranium, which had a vulnerability that allowed hackers to inflate the site’s balance 100x and drain it of capital.
Hacked Twice Uranium Finance Loses $50M in Crypto
The exploit resulted in the loss of approximately $50 million in digital assets, impacting multiple cryptocurrencies. The stolen funds included $36.8 million in Binance Coin (BNB) and Binance USD (BUSD), along with 80 Bitcoin (BTC), 1,800 Ethereum (ETH), 26,500 Polkadot (DOT), and 5.7 million Tether (USDT). Additionally, the attackers took 638,000 Cardano (ADA) and 112,000 U92 tokens, Uranium’s native cryptocurrency.
After the hack, the hacker immediately traded the hacked proceeds of Cardano (ADA) and Polkadot (DOT) into Ethereum (ETH) and further laundered the proceeds with the help of the widely used crypto mixer named Tornado Cash. The hacked proceeds were further deposited into centralized exchanges and it became hard to track them further.
Shortly after the attack, speculation arose that the Uranium Finance hack could have been an inside job. One of the platform’s Discord administrators claimed that internal actors may have orchestrated the exploit, although this theory remains unproven.
Adding to the debacle, Uranium Finance was also hacked earlier that month. On April 8, 2021, the hackers hacked into a vulnerability in the v1 liquidity pool of Uranium and stole $1.3 million of BNB and BUSD. The company promptly released an updated v2 version on April 16, but it was hacked 12 days later.
After the second hack, the Uranium Finance site went offline, and the company’s public X (Twitter) page went quiet after 30 April 2021. The investors had no answers and no recovery of investment capital options, and the incident further stoked anger in the world of DeFi.
$31M Crypto Recovery Boosts DeFi Security
The seizure of the $31 million hacked crypto is part of a larger campaign of US authorities against the threat of cybercrimes within the cryptocurrency and the DeFi sector. While this development has a message of hope for affected investors, it also underscores the endemic threat of loopholes in the use of smart contracts, the issue of security breaches, and the failures of the governance of the decentralized system.
As the regulators intensify enforcement activities and institute tighter controls, the Uranium Finance hack is a harsh lesson in the need for security audits, openness, and good governance among DeFi projects. With billions of dollars trapped in decentralized protocols, the need to build strong controls becomes imperative in avoiding future breaches and regaining the sector’s confidence.
Related | Bitcoin Eyes 100K Breakout as Market Momentum Builds
