$50 million allegedly looted from BSC-based Uranium Finance

 173 Interactions,  2 Today

Uranium Finance joins the growing list of hacked Binance Smart Chain ventures.

Uranium Finance, an integrated market maker network on the Binance Smart Chain, has announced a security breach that resulted in a $50 million loss.

Tweeting on Wednesday, Uranium revealed that the exploit targeted its v2.1 token migration event and that the team was in contact with the Binance security team to mitigate the situation.

The hacker allegedly exploited flaws in Uranium’s balance modifier logic, inflating the project’s balance by a factor of 100.

According to reports, the perpetrator was able to rob $50 million from the project as a result of this mistake. At the time of publication, the hacker’s contract already held $36.8 million in Binance Coin (BNB) and Binance USD (BUSD).

80 Bitcoin (BTC), 1,800 Ether (ETH), 26,500 Polkadot (DOT), 5.7 million Tether (USDT), 638,000 Cardano (ADA), and 112,000 u92, the project’s native currency, are among the remaining looted assets.

According to BscScan, the intruder exchanged the ADA and DOT tokens for ETH, raising the Ether stash to about 2,400 ETH.

See also  Here are some of the reasons why Binance Coin may be in a no-lose situation.

Meanwhile, the suspected mastermind of the robbery has already transferred 2,400 ETH, valued at about $5.7 million, using the Ethereum privacy tool Tornado Cash.

According to data from the Ethereum chain tracking service Etherscan, funds are flowing in 100 ETH increments, with the cross-chain mutual trading bridge AnySwap being used to transfer funds from BSC to the Ethereum network.

Source: Etherscan

According to Uranium, the project has contacted the Binance security team in order to discourage the hacker from withdrawing further funds from the BSC ecosystem.

Binance did not respond immediately to Cointelegraph’s request for comment. According to a Uranium representative, the error is yet to be fixed, and consumers have been told to avoid supplying liquidity on the project and cash out their funds.

The team has developed a Telegram community for hack victims, pledging to keep them updated on the progress being made to retrieve the stolen funds.

Wednesday’s hack is the second attack on the Uranium project in quick succession. Earlier in April, hackers exploited one of the platform’s pools, stealing about $1.3 million worth of BUSD and BNB.

Indeed, the incident led to the first migration to v2 less than two weeks ago. In a previous announcement, the Uranium developer team said that multiple entities had audited its v2 contracts and that it had learned from its previous mistakes.

See also  In Xiong'an, China, blockchain-based digital yuan wage payments are introduced.

Meanwhile, speculation is rife as to whether the attack was an inside job, given the sudden decision to engineer another version upgrade barely 11 days after completing the v2 migration.

Hacks involving smart contract bugs are popular in the decentralised finance room, including in fully audited ventures, as was the case with MonsterSlayer Finance earlier this month. Meerkat, a Yearn.finance clone on the BSC, allegedly “exit-scammed” its users in March, taking $31 million in the process.

Days later, the project’s developer team announced that the supposed “rug pull” was a test, and that the funds would be returned. Another BSC-based project, TurtleDex, also exit-scammed shortly after its completion, stealing over 9,000 BNB tokens collected during the pre-sale.


Subscribe to our newsletter


Leave a Reply

Your email address will not be published. Required fields are marked *