The US government last week announced that it has seized roughly $31 million worth of cryptocurrency stolen in April 2021 from Uranium Finance.
Uranium Finance was hacked twice in April 2021, with the total losses amounting to over $53 million, making it one of the largest hacks in decentralized finance (DeFi) at the time.
According to blockchain intelligence firm TRM Labs, which investigated the transactions linked to the heist and helped authorities trace the stolen funds, the attackers exploited vulnerabilities in Uranium Finance’s smart contract code to steal various tokens.
In the first incident, which occurred between April 6 and 8, hackers exploited the protocol’s reward distribution system to steal roughly $1.4 million, but returned approximately $1 million in assets.
On April 28, a second attack targeted a vulnerability in Uranium Finance’s trading logic, resulting in the theft of $52 million. Uranium Finance shut down after the heist.
“The flaw acted as a faulty vault mechanism, miscalculating balances and allowing attackers to withdraw significantly more tokens than should have been permitted. The sheer simplicity of the exploit exposed critical weaknesses in smart contract security,” TRM explains.
The hackers used Tornado Cash and multiple decentralized exchanges to convert the stolen tokens into various cryptocurrency and store the funds in dormant wallets for approximately three years, until moving them again in early 2024.
TRM says it started tracing the stolen assets across blockchains in February 2023 and, together with law enforcement, identified laundering patterns and linked the funds to Tornado Cash transactions and cross-chain swaps.
As a result, the US Attorney’s Office for the Southern District of New York and Homeland Security Investigations San Diego were able to seize $31 million in stolen assets, as the US Justice Department announced on X last week.
Related: FBI Says North Korea Hacked Bybit as Details of $1.5B Heist Emerge
Related: Indiana Man Sentenced to 20 Years in Prison for Hacking, $37 Million Crypto Theft
Related: US, Japan, South Korea Blame North Korean Hackers for $660M Crypto Heists
Related: $50 Million Radiant Capital Heist Blamed on North Korean Hackers
