U.S. authorities have made a breakthrough in recovering funds lost to crypto crime, seizing $31 million in crypto tied to the 2021 hack of DeFi platform Uranium Finance.
The seizure comes after a coordinated effort by the U.S. Attorney's Office for the Southern District of New York (SDNY) and Homeland Security Investigations in San Diego, the SDNY announced in a tweet Monday.
SDNY and @HSISanDiego seize cryptocurrency worth approximately $31 million related to April 2021 hack of Uranium Finance. If you believe you have been a victim of this hack, please contact UraniumVictims@hsi.dhs.gov.
The hack, which took place on April 28, 2021, exploited a vulnerability in Uranium Finance’s smart contractssmart contracts, enabling the attacker to inflate the platform’s balance and extract $50 million in various cryptos.
The stolen funds included $36.8 million in BNB (BNB) and stablecoin Binance USD (BUSD), along with Bitcoin (BTC), Ethereum (ETH), Polkadot (DOT), Cardano (ADA), and Uranium’s native token U92.
The now-defunct DeFi platform was attacked during the transition of its protocol to the V2.1 version.
A bug in the platform's pair contracts—used to manage liquidity pairs in its automated market maker (AMM)—enabled the attacker to withdraw nearly all assets from the protocol.
AMMs are used in decentralized exchanges to enable people to trade cryptocurrencies directly with each other using pools of assets rather than relying on a traditional order book.
Following the theft, the hacker laundered the funds using the Ethereum-based coin mixer Tornado Cash before transferring them to centralized exchanges, creating a complex trail for authorities to follow.
The authorities have set up a dedicated email–UraniumVictims@hsi.dhs.gov–for victims of the exploit to report their grievances.
The platform’s website and social media have remained silent since the attack, leaving investors without recourse until now.
Pseudonymous on-chain crypto sleuth ZachXBT played a key role in uncovering the laundering process.
In a tweet today, ZachXBT referenced his December 2023 report detailing how the stolen funds were funneled through Tornado Cash and later used to purchase high-value trading cards, specifically "Magic: The Gathering" cards.
A few hours ago it was announced that $31M from the Uranium Finance exploit was seized by US law enforcement.
In Dec 2023 I posted an investigation for the $50m Uranium exploit on BSC detailing how the exploiter had laundered $10.5M via Magic The Gathering trading cards using a… pic.twitter.com/tJtY54V2vf
"Magic: The Gathering" trading cards are collectible cards used in a popular strategy game, with some rare cards fetching significant value.
ZachXBT's December investigation revealed that the hacker withdrew 11,200+ ETH, worth $25 million, from the coin mixer, moving it through multiple addresses before spending millions on trading cards, which were then sent to a U.S.-based broker.
This process involved converting ETH into a wrapped token (wETH) and then back again, making it harder for exchanges to detect and flag the transactions as suspicious, thus bypassing standard anti-money laundering (AML) checks.
Alongside his work on the Uranium Finance exploit, ZachXBT has helped expose those responsible for other major crypto attacks.
His analysis played a pivotal role in unmasking the perpetrators behind the recent Bybit exchange hack, one of the largest exploits in crypto history, in which over $1.4 billion in assets were stolen.
The crypto security investigator’s analysis traced the attack back to the Lazarus Group, a notorious North Korean hacking entity responsible for multiple high-profile crypto hacks in recent years.
Daily Debrief Newsletter
Start every day with the top news stories right now, plus original features, a podcast, videos and more.
Meteora, a prominent Solana-based DEX, is facing a new class action lawsuit in New York, accused of allegedly engineering a $69 million rug pull tied to its M3M3 meme coin launch.
Filed on behalf of plaintiffs Jonathan Clarke, Rodrigo Ferreira Da Cruz Vogt, and others, the suit alleges that Meteora and founder Benjamin Chow, alongside Kelsier Ventures and named executives, jointly developed a scheme to defraud investors via the Solana-based M3M3 token.
This led to the loss of at least $69 millio...
The European Data Protection Board has approved draft rules governing how personal data is stored and shared on blockchains, marking another step toward aligning decentralized technology with existing standards.
The new guidelines limit access to stored information and comply with the General Data Protection Regulation (GDPR) protections, according to the EDPB, which ratified the rules this month and opened public comment until June 9.
“Blockchains have certain properties that can lead to challe...
Defense attorneys for YouTubers Kyle Forgeard and John Shahidi, also known as the Nelk Boys, have moved to dismiss a class action lawsuit accusing them of fraud over their Full Send Metacard NFT project.
Attorneys for the Nelk Boys argued that the plaintiff turned down a full refund and that the complaint lacks specific false claims.
The lawsuit was filed in January on behalf of Metacard NFT buyers, alleging that the defendants had misled consumers with promises of exclusive perks and community...
