US Authorities Seize $31M in Cryptocurrency Related to the 2021 Uranium Finance Hack

After four years of investigations, U.S. authorities have seized $31 million in cryptocurrency related to the 2021 Uranium Finance hack.

U.S. authorities have seized $31 million in cryptocurrency related to the 2021 Uranium Finance hack.

The Southern District of New York announced the seizure on Monday. Homeland Security Investigations in San Diego aided in the recovery.

Uranium Finance was a decentralized exchange that launched on April 1, 2021, on the BNB chain. It was a fork of Uniswap, an automated market maker.

On April 28, 2021, Uranium Finance suffered a Web 3.0 security breach. The result was $50 million in lost tokens spanning over 26 different market pairs, amounting to one of the most devastating DeFi attacks of the time.

The attackers laundered the money through crypto mixers and central exchanges, transferring small amounts simultaneously to avoid detection.

Victims of the attack were left stranded, not knowing what was happening behind the scenes.

The breach allowed attackers to inflate the project’s balance, manipulate token pairs, and drain funds from liquidity pools.

A brief inspection of the original Uniswap code reveals that a value of 1,000 is applied to a pair swap, allowing the new X and Y values of the output to apply a new fee. At the same time, a value K, used as a checking value, is also scaled along with the other values.

Uniswap is a very popular swapping protocol, having experienced many transactions and, therefore, having many more security patches. The problem, however, is when a fork happens without the development team moving over to the new project.

The Uranium Finance fork of the code, however, uses a magic value of 10,000 instead of 1,000. More critically, it continues to use 1,000 for the K value, introducing a discrepancy that can be exploited to inflate the prices. The disparity between 10,000 and 1,000 means that a swap is guaranteed to be 100 times larger than the K value before the swap.

This means that a hacker can swap a minimal amount of tokens for a much larger amount if the contract is changed appropriately. In the case of Uranium Finance, the attacker could drain the liquidity pools of the pair tokens.

The next step in hacking Uranium Finance was to withdraw and obfuscate the stolen tokens. This was done by mixing the tokens using Tornado Cash and depositing the new tokens into a centralized exchange.

The attackers seemed to have been meticulous with their hack, raising the question of how the authorities tracked the stolen tokens. The authorities have not yet revealed all the details about the seizure of funds.

The attack spanned multiple tokens. Of the $50 million extracted, Binance’s Blockchain Token (BNB) and Binance’s Stablecoin (BUSD) lost $18 million. Ethereum (ETH) and Binance’s Wrapped Bitcoin (BTCB) lost around $9 million. USDT lost around $6.7 million. DOT, ADA, and Uranium Finance Token lost $1.7 million.

Open information from BscScan shows the attackers swapping ADA and DOT for Ethereum, preparing to launder the tokens, and accumulating around 2,400 ETH.

These tokens, amounting to around $5.7 million, were mixed with Tornado Cash, an Ethereum anonymity and privacy tool.