US authorities have recovered $31 million of the funds drained from the decentralized finance (DeFi) platform Uranium Finance in 2021.
The recovery relates to the roughly $50 million that hackers drained from Uranium Finance after exploiting a vulnerability in its smart contracts. The seizure followed a coordinated effort by San Diego Homeland Security Investigations (HSI) and the US Attorney's Office for the Southern District of New York (SDNY).
US Recovers $31M
The recovery, revealed in a Monday X post, echoed an HSI update that crypto valued at $31 million, part of the April 2021 loot from Uranium Finance, had been seized. The authorities urged victims of the hack to visit the dedicated platform.
The hacker exploited a vulnerability in the DeFi protocol's smart contracts. Using it, the attacker inflated the protocol's balance on April 28, 2021, and drained various cryptos amounting to $50 million.
Records of the exploit show the hacker made off with $36.8 million in Binance USD (BUSD) stablecoin, Bitcoin, Polkadot, Ethereum, BNB, Uranium's native token U92 and Cardano. The attacker took advantage of the moment when the now-defunct platform was migrating to its V2.1 version.
The bug was in the DeFi platform's pair contracts, the code that maintains liquidity pairs in its automated market maker (AMM), and it allowed the attacker to access and withdraw the pooled assets. AMMs are used by decentralized exchanges so that people can trade cryptos directly against a pool of assets rather than through a traditional order book.
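To make concrete what a pair contract in an AMM is guarding, here is an added example of a minimal constant-product pool in Python. It is illustrative code written for this article, not Uranium Finance's contracts or any real exchange's code; the reserve sizes, the 0.3% fee and the function names are all assumptions. The security-relevant piece is the post-swap invariant check: the pool only accepts a swap if the fee-adjusted product of reserves has not fallen below the product before the swap, which is what stops a caller from taking more out than the pricing formula allows.

```python
"""Constructed constant-product AMM pair (example code, not a real protocol's)."""


class Pair:
    """Two-token pool that must satisfy reserve0 * reserve1 >= k after every swap."""

    FEE_BPS = 30        # 0.3% swap fee in basis points (assumed value)
    SCALE = 10_000      # basis-point denominator used for the fee-adjusted check

    def __init__(self, reserve0: int, reserve1: int) -> None:
        self.reserve0 = reserve0
        self.reserve1 = reserve1

    def quote_out(self, amount_in: int, token_in: int = 0) -> int:
        """Largest output of the other token the constant-product formula allows."""
        reserve_in, reserve_out = (
            (self.reserve0, self.reserve1) if token_in == 0 else (self.reserve1, self.reserve0)
        )
        amount_in_with_fee = amount_in * (self.SCALE - self.FEE_BPS)
        return amount_in_with_fee * reserve_out // (reserve_in * self.SCALE + amount_in_with_fee)

    def swap(self, amount0_in: int, amount1_in: int, amount0_out: int, amount1_out: int) -> None:
        """Apply a swap; revert (raise) unless the fee-adjusted invariant still holds."""
        if amount0_out >= self.reserve0 or amount1_out >= self.reserve1:
            raise ValueError("insufficient liquidity")
        balance0 = self.reserve0 + amount0_in - amount0_out
        balance1 = self.reserve1 + amount1_in - amount1_out
        if balance0 <= 0 or balance1 <= 0:
            raise ValueError("invalid balances")
        # Scale both sides by SCALE**2 so the fee can be deducted without fractions.
        adjusted0 = balance0 * self.SCALE - amount0_in * self.FEE_BPS
        adjusted1 = balance1 * self.SCALE - amount1_in * self.FEE_BPS
        k_before = self.reserve0 * self.reserve1 * self.SCALE * self.SCALE
        if adjusted0 * adjusted1 < k_before:
            raise ValueError("K")  # constant-product invariant violated: reject the swap
        self.reserve0, self.reserve1 = balance0, balance1


def swap_exact_in(pair: Pair, amount_in: int, token_in: int = 0) -> int:
    """Swap amount_in of token_in for the quoted amount of the other token."""
    amount_out = pair.quote_out(amount_in, token_in)
    if token_in == 0:
        pair.swap(amount_in, 0, 0, amount_out)
    else:
        pair.swap(0, amount_in, amount_out, 0)
    return amount_out


def overdraw_rejected(pair: Pair, amount_in: int, extra: int = 1) -> bool:
    """True if asking for more than the quote (by `extra` units) is refused by the invariant."""
    too_much = pair.quote_out(amount_in, 0) + extra
    before = (pair.reserve0, pair.reserve1)
    try:
        pair.swap(amount_in, 0, 0, too_much)
    except ValueError:
        return (pair.reserve0, pair.reserve1) == before  # state must be untouched
    return False


if __name__ == "__main__":
    pool = Pair(1_000_000, 1_000_000)           # constructed reserves
    print("quote for 1000 in:", pool.quote_out(1000))        # 996
    print("overdraw by 1 rejected:", overdraw_rejected(pool, 1000))
    print("received:", swap_exact_in(pool, 1000), "reserves:", pool.reserve0, pool.reserve1)
```

The check compares the product after the swap against the product before it, both scaled identically; any mismatch between how the two sides are scaled, or any path that updates reserves without running the check, would let a caller withdraw more than the formula permits, which is why auditors treat this comparison as the critical line in a pair contract.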
The hacker channelled the funds through the Ethereum-based coin mixer Tornado Cash. This let the actor move the funds on to centralized exchanges, breaking the trail for the authorities pursuing the loot.
The authorities urged victims to use the dedicated platform and email address to shield themselves from further exploitation. The protocol had not updated victims since the exploit, leaving them with no recourse until Monday's breakthrough.
Attempt to Conceal Trail?
The recovery is partly due to the key role played by the on-chain crypto sleuth known pseudonymously as ZachXBT in uncovering the laundering trail. In a Tuesday X post, ZachXBT recalled his December 2023 finding that the hacker had funnelled the funds through Tornado Cash. The actor later bought high-value trading cards worth $10.5 million, identified as Magic: The Gathering cards.
ZachXBT hailed the US government's seizure of the $31 million, though he noted that the exploiter had laundered $10.5 million to fund the purchase of high-value trading cards. The collectible cards used in the strategy game fetch significant sums. The December investigation traced 11,200 Ether, valued at $25 million, out of Tornado Cash. The hacker spread the funds across multiple addresses and later spent them on trading cards sent through a US-based broker.
The process used to conceal the transaction trail involved repeatedly converting ETH to wrapped Ether (wETH) and back, making it difficult for exchanges to spot and flag the underlying transactions as suspicious. This allowed the hacker to bypass the anti-money laundering (AML) checks deployed by crypto exchanges.
Bybit $1.4 Billion Exploit
The recovery of the funds by the authorities relies on blockchain analysts and analytics firms, including ZachXBT, Chainalysis and Arkham Intelligence. Besides their involvement in the Uranium Finance exploit, they exposed the $1.4 billion Bybit hack on Friday, Feb 21.
ZachXBT's scrutiny helped unmask the actors who drained the cold wallet of the second-largest crypto exchange by trading volume. The crypto sleuth identified the notorious Lazarus Group as being behind the attack that shook the crypto industry. The North Korean state-sponsored group continues to pose a threat to the industry.
ZachXBT has played a critical role in resolving the largest crypto theft after the hackers breached the Ether multisig cold wallet. The incident shows security within the crypto ecosystem must evolve continuously as the criminals deploy sophisticated attacks.