$31M recovered from 2021 Uranium Finance crypto hack

U.S. authorities have successfully seized approximately $31 million in cryptocurrency linked to the 2021 hack of Uranium Finance, a now-defunct decentralised finance (DeFi) platform.

The announcement was made by the U.S. Attorney’s Office for the Southern District of New York (SDNY) and Homeland Security Investigations (HSI) in San Diego.

The recovery comes nearly four years after the April 28, 2021, attack, when a hacker exploited a vulnerability in Uranium Finance’s smart contracts, resulting in the theft of approximately $50 million in various cryptocurrencies.

The stolen assets included Bitcoin (CRYPTO:BTC), Ethereum (CRYPTO:ETH), Binance Coin (CRYPTO:BNB), Binance USD (CRYPTO:BUSD), Polkadot (CRYPTO:DOT), Cardano (CRYPTO:ADA), Tether (CRYPTO:USDT), and Uranium’s native token, U92.

According to reports, the attacker exploited a critical vulnerability in Uranium Finance’s smart contracts during its transition to the V2.1 protocol.

The flaw allowed the withdrawal of nearly all available assets.

Following the hack, suspicions arose due to the timing of the attack, which occurred shortly after Uranium Finance launched its V2 upgrade.

The project's contract repository was also removed from GitHub, leading to speculation about potential insider involvement.

The stolen funds were laundered using crypto mixers like Tornado Cash (CRYPTO:TORN) and cross-chain bridges such as AnySwap (CRYPTO:ANY) to obfuscate the trail.

Despite these efforts, law enforcement managed to track and recover a significant portion of the stolen funds.

TRM Labs worked with law enforcement to trace the movement of the stolen assets across multiple blockchains and identify key laundering patterns.

Uranium Finance, which was a clone of the automated market maker (AMM) Uniswap (CRYPTO:UNI) on Binance's BNB Chain, shut down after the attack, leaving victims without a means of financial restitution.

In addition to the April 28 exploit, Uranium Finance experienced an earlier attack on April 6, 2021, where hackers stole $1.3 million worth of BNB and BUSD by exploiting a vulnerability in the reward distribution system.