The attack on the DeFi platform Uranium Finance in 2021 allowed the perpetrators to exploit a vulnerability in the smart contract, stealing $50 million in assets. Recently, U.S. authorities made a breakthrough in recovering funds from cryptocurrency crime, seizing $31 million related to this hack.
Investigation and Recovery Process
The Southern District of New York Attorney's Office (SDNY) in coordination with the San Diego Homeland Security Investigations announced the successful recovery of these funds on Twitter on Monday. The attack took place on April 28, 2021, when the hacker exploited a vulnerability in Uranium Finance's smart contract to manipulate balances and withdraw $50 million in various cryptocurrencies.
Among the stolen assets were $36.8 million in Binance Coin (BNB) and Binance USD (BUSD), along with Bitcoin (BTC), Ethereum (ETH), Polkadot (DOT), Cardano (ADA), and the U92 token of Uranium Finance. The attack occurred during the platform's transition to version V2.1.
The vulnerability was in the contract managing the liquidity pairs of the automated market maker (AMM) protocol, allowing the hacker to withdraw nearly all assets from the platform.
After stealing the funds, the hacker laundered money through Tornado Cash—a coin mixer on Ethereum—before transferring it to centralized exchanges, creating a complex series of transactions to hide their tracks.
ZachXBT's Role in the Investigation
Anonymous on-chain analyst ZachXBT played a crucial role in tracing the hacker. In a report from December 2023, ZachXBT pointed out that the hacker had withdrawn over 11,200 ETH (equivalent to $25 million) from Tornado Cash, moving through various addresses before spending millions to purchase 'Magic: The Gathering' trading cards—a popular strategy game.
The hacker executed transactions converting ETH to wETH and then back to ETH to avoid detection by exchanges and evade anti-money laundering (AML) systems. These valuable tokens were then sent to a broker in the United States.
In addition to the Uranium Finance incident, ZachXBT has also assisted in investigating other major attacks, including the $1.4 billion Bybit exchange hack—one of the largest attacks in cryptocurrency history. His investigation traced the tracks of the Lazarus group, a notorious hacking organization from North Korea, believed to be behind many major crypto hacks in recent years.
Support for Victims and Risk Warnings
U.S. officials have established a support email—[email protected]—for victims of the hack to report damages. However, the platform Uranium Finance has since ceased operations and there have been no updates on the website or social media since the attack.
The recovery of a portion of the stolen funds is a positive signal, indicating that law enforcement is increasingly enhancing its ability to trace and recover assets in the cryptocurrency space. However, the incident is also a reminder that the DeFi market still poses many security risks. Investors should exercise caution when using decentralized financial platforms and always conduct thorough checks before participating.
Warning: Investing in cryptocurrency always carries risks. Please conduct thorough research before making a decision and only invest what you can afford to lose.