Uranium Finance, a Decentralized Finance (DeFi) project based on the Binance Smart Chain, said the company was exploited early Wednesday and lost $50 million.
Harkers Stole $50M from Binance’s Smart Chain-based DeFi Project
Uranium is an Automated Market Maker (AMM) protocol derived from Uniswap V2 that claims to offer dividends to users every day.
“In our pool and in our farm, like all other DEX (decentralized exchanges), you will receive our U92 token reward. The difference is that we have created a second token, the U92-corresponding token: U235 if you have this token Keep in your wallet, you become “our AMM investors so you can earn dividends for every chunk of BNB and BUSD you earn,” says Uranium’s website.
Uranium revealed that the exploit targeted its v2.1 token migration event and that the team was in contact with the Binance security team to mitigate the situation, tweeting on Wednesday.
According to reports, hackers exploited a flaw in the logic of the uranium balance modifier that increased the balance of the project by 100 times.
The bug enabled the attackers to steal $50 million from the project. At this point in time, the contract created by the hacker still contains Binance Coin (BNB) and Binance USD (BUSD) for $36.8 million, according to reports,
The remaining stolen funds include 80 Bitcoin (BTC), 1,800 Ethereum (ETH), 26,500 Polkadot (DOT), 5.7 million Tether (USDT), as well as 638,000 Cardano (ADA) and 112,000 U92 (the project’s native coins).
The details of BscScan revealed that the attacker exchanged ADA and DOT tokens for ETH, increasing the amount of ether storage to around 2,400 ETH.
At the same time, the alleged theft planners used the Ethereum data protection tool Tornado Cash to transfer 2,400 ETH worth around $ 5.7 million.
Data from the Ethereum chain monitoring service Etherscan shows that the funds flow in a total of 100 ETH and the cross-chain decentralized exchange bridge AnySwap is used to migrate funds from BSC to the Ethereum network.
According to Uranium, the project has contacted Binance’s security team to prevent hackers from removing more money from the BSC ecosystem.
The Issue has not been Resolved
A uranium spokesman announced that the vulnerability had not been resolved. It is recommended that users run out of liquidity for the project and withdraw their funds.
The team also created a Telegram Group for the hacker’s victims and promised to provide information on the recovery of stolen funds.
Wednesday’s hacking was the second attack in quick succession on the uranium project. In early April, hackers used a pool on the platform to steal BUSD and BNB worth around $1.3 million.
In fact, this incident led to the first migration to version 2 less than two weeks ago. In an earlier announcement, the uranium development team stated that several companies have reviewed their v2 contracts and learned from previous mistakes.
At the same time, given the sudden decision to draft another version upgrade just 11 days after the v2 migration was complete, there is endless speculation as to whether the attack was internal work.