Uranium Finance, a decentralized finance (DeFi) project on the Binance Smart Chain (BSC), has been hacked and as many as $ 50 million worth of various cryptocurrencies have been stolen. The project announced this via Twitter on April 28:
Uranium Finance is a so-called automated market maker (AMM) and a hard fork of Uniswap (UNI). The hackers allegedly exploited a bug in the system during the migration to version 2.1
The following $ 50 million crypto has been stolen: 80 bitcoin (BTC), 1,800 ethereum (ETH), 26,500 polkadot (DOT), 5.7 million tether (USDT), 638,000 cardano (ADA), 34,000 wrapped binance coins (WBNB) ) and 17.9 million binance USD (BUSD). In addition, 112,000 u92 tokens, the native token of the Uranium platform, were also stolen.
The ADA and DOT have already been transferred to ETH via PancakeSwap. Then 2,400 ETH was sent to Tornado Cash, a so-called token mixer to erase tracks. It is striking that the u92 tokens have been staked. The Uranium team reports that they have contacted Binance. Binance has not yet responded to the incident.
It is not the first time this has happened with Uranium, less than two weeks ago, $ 1.3 million worth of crypto was also stolen from the platform. Igor Igamberdiev, researcher at The Block, calls it very suspicious.
According to the researcher, the team had already fixed the bug once and they should have been aware of it. He fears the team deliberately put the bug in to perform a so-called back pull: