BSC-Based Uranium Finance Exploited for $50M
- The attacker reportedly stole 80 BTC, 1,800 ETH, 17.9 million BUSD, 5.7 million USDT, 638,000 ADA, 26,500 DOT, 34,000 wBNB, and 112,000 U92.
- Back on 3 April the project was attacked again, with the hacker stealing $1.3 million worth of BNB and BUSD at the time.
Shutterstock
Binance Smart Chain-based automated market maker (AMM) Uranium Finance has lost $50 million worth of crypto in a security incident, the DeFi project said on Twitter on 28 April.
According to the tweet, an unknown hacker attacked during the platform’s V2.1 migration event, and by exploiting a bug in the protocol was able to steal roughly $50 million worth of crypto. The Uranium Finance team has already contacted the Binance Smart Chain security team in an attempt to mitigate the situation and keep the funds on the network.
The attacker reportedly used a bug in the Uranium V2 balance modifier logic to inflate the platform’s balance by 100x, and then a swap function to drain the funds. The error allowed the hacker to steal several tokens, among which 80 BTC, 1,800 ETH, 17.9 million BUSD, 5.7 million USDT, 638,000 ADA, 26,500 DOT, 34,000 wBNB, and 112,000 U92, the project’s native token.
The hacker has already started moving and withdrawing the funds to the Ethereum network. He first started with the ADA and DOT tokens, which were swapped for the BSC version of ETH through DeFi project PancakeSwap, and then used cross-chain swap protocol AnySwap to migrate those funds to the Ethereum network. According to Etherscan data, the funds were transferred in 100 ETH increment.
This is not the first time the project had suffered from an attack this Month. Earlier in April, one of Uranium’s pools was exploited by a hacker, who was able to steal around $1.3 million worth of BUSD and BNB. Shortly after the attack, Uranium migrated to its V2 iteration and said it was able to recover around $1 million from the attack.
Hacks and exploits on DeFi projects have become more common in recent months. Back in March, BSC-based project Meerkat Finance lost $34 million in crypto only a day after it had officially launched. The ForceDAO DeFi protocol was also attacked by 5 hackers, who were able to drain 183 ETH from the project, only hours after it had launched an airdrop campaign on 3 April. Last week, EasyFi was also suffered an attack, which saw the project loose $70 million worth of tokens.
- The New York Jurors took 4 fours of deliberating before pronouncing the former FTX CEO guilty of all seven charges of fraud and conspiracy to commit fraud.
- Bankman-Fried will now have to appear in court on 28 March, 2024, where he will face a potential maximum sentence of 115 years in prison.
Former CEO of FTX Sam Bankman-Fried leaves the Federal Court in New York after pleading not guilty, 3 January, 2022.
lev radin/Shutterstock
- The U.S. Department of Justice has expressed its concerns over Sam Bankman-Fried’s seven expert witnesses, and requested they be barred from testifying on the case.
- The DoJ claimed most of the proposed experts lacked the necessary foundation for their opinions, making them unqualified to be an expert witness.
- Decentralized finance (DeFi) has become one of the hottest trends in the crypto world as it’s more transparent and decentralized than traditional finance.
- Here are our top picks of DeFi projects that have a good potential growth, and some of the protocols that did not made the list, such as RING Financial.