Uranium Finance hacker reawakens, shifts $3.3M

On April 28, 2021, a supposed development team member on the Uranium Discord channel said the intrusion may have been an inside job.

One of the wallets associated with the $50 million Uranium Finance theft in April 2021 seems to have awoken after 647 days of dormancy, with funds headed for the cryptocurrency mixer Tornado Cash.

PeckShield and CertiK flagged the unexpected activity on March 7 through their separate Twitter alert accounts.

According to Etherscan data, the hacker moved 2,250 Ether worth $3.35 million in transactions ranging from 1 ETH to 100 ETH over seven hours, with all of the funds going to Tornado Cash.

This is nevertheless just one of the hacker’s connected wallets. A third Ethereum wallet associated with the hacker was last used 159 days ago, when 5 ETH were sent to Aztec, a privacy-focused Ethereum zk-rollup.

This is yet another instance in 2023 in which a hacker’s wallet has awakened after a protracted slumber.

About a year after hacking the Wormhole bridge for $321 million in early 2022, the Wormhole hacker shifted around $155 million worth of ETH in January.

In the same month, a renowned hacker known as the “blockchain bandit” transferred almost $90 million after a six-year hibernation.

In February, the Wormhole hacker transferred another $46 million worth of stolen cash, while prominent blockchain investigator ZachXBT tweeted on February 23 that “dormant monies left behind” from the $230 million Gate.io exchange attack by North Korea in April 2018 “began to move after almost 4.5 years.”

On April 28, 2021, the Binance Smart Chain-based automated market maker Uranium Finance was exploited.

During Uranium’s v2.1 protocol launch and token migration event, the hacker exploited a flaw in the code that enabled him to steal $50 million.

The site seems to have shut down immediately after the attack, since its last tweet, advising users to withdraw cash from its multiple liquidity pools, was published on April 30, 2021.

Notably, on April 28, 2021, a purported member of the project’s development team indicated on the Uranium Discord channel that the breach may have been an inside job.

They noted that only a limited number of team members were aware of the security weakness before the introduction of the v2.1 protocol, and they questioned the timing of the attack, which occurred barely two hours before the launch.

Since then, there have been no more updates on the project or its victims. Yet, October 2017 forum entries on Binance show that users have been abandoned.

User “RecoveryMad” asked for an update on the breach on October 26 and reported that the Uranium team’s representative in the community Telegram had “disappeared.”

In reply, user “nofiatnolie” said, “No investigation was conducted. This matter was pushed under the rug. There are still victim groups with unanswered questions, and crowdsourced investigations point to the Uranium developers and others as suspects.”