U.S. authorities have made a breakthrough in recovering funds lost to crypto crime, seizing $31 million in crypto tied to the 2021 hack of DeFi platform Uranium Finance.
The seizure comes after a coordinated effort by the U.S. Attorney's Office for the Southern District of New York (SDNY) and Homeland Security Investigations in San Diego, the SDNY announced in a tweet Monday.
SDNY and @HSISanDiego seize cryptocurrency worth approximately $31 million related to April 2021 hack of Uranium Finance. If you believe you have been a victim of this hack, please contact UraniumVictims@hsi.dhs.gov.
The hack, which took place on April 28, 2021, exploited a vulnerability in Uranium Finance’s smart contractssmart contracts, enabling the attacker to inflate the platform’s balance and extract $50 million in various cryptos.
The stolen funds included $36.8 million in BNB (BNB) and stablecoin Binance USD (BUSD), along with Bitcoin (BTC), Ethereum (ETH), Polkadot (DOT), Cardano (ADA), and Uranium’s native token U92.
The now-defunct DeFi platform was attacked during the transition of its protocol to the V2.1 version.
A bug in the platform's pair contracts—used to manage liquidity pairs in its automated market maker (AMM)—enabled the attacker to withdraw nearly all assets from the protocol.
AMMs are used in decentralized exchanges to enable people to trade cryptocurrencies directly with each other using pools of assets rather than relying on a traditional order book.
Following the theft, the hacker laundered the funds using the Ethereum-based coin mixer Tornado Cash before transferring them to centralized exchanges, creating a complex trail for authorities to follow.
The authorities have set up a dedicated email–UraniumVictims@hsi.dhs.gov–for victims of the exploit to report their grievances.
The platform’s website and social media have remained silent since the attack, leaving investors without recourse until now.
Pseudonymous on-chain crypto sleuth ZachXBT played a key role in uncovering the laundering process.
In a tweet today, ZachXBT referenced his December 2023 report detailing how the stolen funds were funneled through Tornado Cash and later used to purchase high-value trading cards, specifically "Magic: The Gathering" cards.
A few hours ago it was announced that $31M from the Uranium Finance exploit was seized by US law enforcement.
In Dec 2023 I posted an investigation for the $50m Uranium exploit on BSC detailing how the exploiter had laundered $10.5M via Magic The Gathering trading cards using a… pic.twitter.com/tJtY54V2vf
"Magic: The Gathering" trading cards are collectible cards used in a popular strategy game, with some rare cards fetching significant value.
ZachXBT's December investigation revealed that the hacker withdrew 11,200+ ETH, worth $25 million, from the coin mixer, moving it through multiple addresses before spending millions on trading cards, which were then sent to a U.S.-based broker.
This process involved converting ETH into a wrapped token (wETH) and then back again, making it harder for exchanges to detect and flag the transactions as suspicious, thus bypassing standard anti-money laundering (AML) checks.
Alongside his work on the Uranium Finance exploit, ZachXBT has helped expose those responsible for other major crypto attacks.
His analysis played a pivotal role in unmasking the perpetrators behind the recent Bybit exchange hack, one of the largest exploits in crypto history, in which over $1.4 billion in assets were stolen.
The crypto security investigator’s analysis traced the attack back to the Lazarus Group, a notorious North Korean hacking entity responsible for multiple high-profile crypto hacks in recent years.
Daily Debrief Newsletter
Start every day with the top news stories right now, plus original features, a podcast, videos and more.
DeFi policy experts and industry leaders are coming out swinging against the House’s crypto market structure bill, dubbed the CLARITY Act, just hours before the landmark legislation is set to face a floor vote.
After months of tongue biting, DeFi policy leaders from a spectrum of nonprofits, advocacy groups, and top industry firms—who requested anonymity to speak candidly—told Decrypt they believe the bill as written, while not explicitly hostile to DeFi, is deeply flawed. If signed into law, C...
The U.S. Department of Justice and Commodity Futures Trading Commission have ended investigations into crypto-powered prediction markets platform Polymarket, a source familiar with the cases confirmed to Decrypt.
Bloomberg first reported the news, citing an unnamed source familiar with the actions. Polymarket founder and CEO Shayne Coplan then confirmed the Bloomberg report via an X post.
“Eight months ago, on election night, we were on top of the world after Polymarket called the election,” Cop...
A New Zealand woman accused of murdering her elderly mother allegedly deployed a crypto exit scam just days before, extracting thousands through fabricated trading profits while hemorrhaging over $40,000 in crypto and Bitcoin investments the year before, prosecutors said Monday.
Julia DeLuney faces murder charges in Wellington High Court for the death of her 79-year-old mother, Helen Gregory, at her Khandallah home on January 24, 2024.
Prosecutors allege DeLuney staged the scene to make it appe...
