Feds Recover $31 Million in Crypto From 2021’s Uranium Finance Exploit

U.S. authorities have made a breakthrough in recovering funds lost to crypto crime, seizing $31 million in crypto tied to the 2021 hack of DeFi platform Uranium Finance.

The seizure comes after a coordinated effort by the U.S. Attorney's Office for the Southern District of New York (SDNY) and Homeland Security Investigations in San Diego, the SDNY announced in a tweet Monday.

The hack, which took place on April 28, 2021, exploited a vulnerability in Uranium Finance’s smart contracts, enabling the attacker to inflate the platform’s balance and extract $50 million in various cryptos.

The stolen funds included $36.8 million in BNB (BNB) and stablecoin Binance USD (BUSD), along with Bitcoin (BTC), Ethereum (ETH), Polkadot (DOT), Cardano (ADA), and Uranium’s native token U92.

The now-defunct DeFi platform was attacked during the transition of its protocol to the V2.1 version.

A bug in the platform's pair contracts—used to manage liquidity pairs in its automated market maker (AMM)—enabled the attacker to withdraw nearly all assets from the protocol.

AMMs are used in decentralized exchanges to enable people to trade cryptocurrencies directly with each other using pools of assets rather than relying on a traditional order book.

Following the theft, the hacker laundered the funds using the Ethereum-based coin mixer Tornado Cash before transferring them to centralized exchanges, creating a complex trail for authorities to follow.

The authorities have set up a dedicated email–UraniumVictims@hsi.dhs.gov–for victims of the exploit to report their grievances.

The platform’s website and social media have remained silent since the attack, leaving investors without recourse until now.

Pseudonymous on-chain crypto sleuth ZachXBT played a key role in uncovering the laundering process.

In a tweet today, ZachXBT referenced his December 2023 report detailing how the stolen funds were funneled through Tornado Cash and later used to purchase high-value trading cards, specifically "Magic: The Gathering" cards.

"Magic: The Gathering" trading cards are collectible cards used in a popular strategy game, with some rare cards fetching significant value.

ZachXBT's December investigation revealed that the hacker withdrew 11,200+ ETH, worth $25 million, from the coin mixer, moving it through multiple addresses before spending millions on trading cards, which were then sent to a U.S.-based broker.

This process involved converting ETH into a wrapped token (wETH) and then back again, making it harder for exchanges to detect and flag the transactions as suspicious, thus bypassing standard anti-money laundering (AML) checks.

Alongside his work on the Uranium Finance exploit, ZachXBT has helped expose those responsible for other major crypto attacks.

His analysis played a pivotal role in unmasking the perpetrators behind the recent Bybit exchange hack, one of the largest exploits in crypto history, in which over $1.4 billion in assets were stolen.

The crypto security investigator’s analysis traced the attack back to the Lazarus Group, a notorious North Korean hacking entity responsible for multiple high-profile crypto hacks in recent years.