U.S. authorities recovered $31 million in cryptocurrency stolen in 2021 cyberattacks on Uranium Finance, a Binance Smart Chain-based DeFi protocol. The second attack took place on April 28, 2021, and leveraged a single-character coding error in Uranium Finance's trading logic, allowing attackers to steal $52 million by manipulating balances. Blockchain intelligence firm TRM Labs reported today that it has aided the Southern District of New York (SDNY) and Homeland Security Investigations (HSI) San Diego in tracking and recovering the stolen assets, resulting in one of the most significant retrievals in recent years. The platform launched in April 2021, but hackers quickly exploited vulnerabilities in its smart contracts to drain its assets and push it to premature death, causing millions in investor losses. "In February 2023, TRM worked closely with law enforcement to meticulously trace the movement of stolen assets across multiple blockchains, identifying key laundering patterns and generating actionable intelligence for law enforcement," reads the TRM Labs report. The first attack, from April 6, 2021, exploited a vulnerability in the reward distribution system, leading to a $1.4 million theft. Bill Toulas Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks. Uranium Finance was a decentralized finance (DeFi) protocol built on Binance's BNB Chain that operated as an automated market maker (AMM) similar to Uniswap. The funds were stolen in two attacks, both in April 2021, resulting in losses of over $53,700,000. The stolen funds were laundered through decentralized exchanges, converted into various cryptocurrencies, and stored in dormant wallets for years.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Sat, 01 Mar 2025 00:25:17 +0000