Uranium Finance, a DeFi project on the Binance Smart Chain, was drained of more than $50 million

Another DeFi project on Binance Smart Chain has fallen into the hands of hackers. This time, Uranium Finance was hacked and stolen over $ 50 million. Currently, the project is contacting the Binance security team to resolve. However, according to the trace, the funds were sent to Tornado Cash – a non-custodial privacy solution for the Ethereum network based on zkSNARKs technology.

Accordingly, the team quickly informed users as follows:

Uranium Finance joins the list of projects under attack

The attackers exploited a bug in the Uranium Finance smart contract to swap a single token for most of the other tokens in the protocol’s liquidity pool. Although Uranium is a fork of SushiSwap, another popular decentralized exchange on Ethereum, the team has not properly tuned the code. This leaves the protocol completely open, easy to attack.

Accordingly, Kyle Kistner, the co-founder of the bZx protocol has raised a question about Uranium’s upgrade timing. According to him, this is a rather strange time to upgrade:

“Today @UraniumFinance got rekt. The Uranium devs had just deployed v2 of their contracts, and 11 days later they asked everyone to migrate to v2.1. Pretty odd timing for an upgrade, right?”

Kistner then explained how the protocol was hacked as follows:

While the team was trying to patch the security hole, the hackers swapped into ETH and sent them to Tornado Cash, a privacy-preserving mixer.


The attacker sent ETH in batches of 100 to Tornado Cash, a privacy-preserving mixer | Source: Etherscan

This happened during the development of Uranium to the v2 upgrade. The team is currently in the process of contacting law enforcement and is working hard to partner with the Binance security team.

This is not the first hack on Binance Smart Chain. Lately, many protocols have been exploited by hackers like Uranium Finance or by its founding team, as is the case with the Meerkat Finance protocol. The project subsequently lost about 13 million BUSD and around 73,000 BNB, a total current value of $ 31.01 million at this time. Funds continue to be moved to many new blockchain addresses.

Read more:

Join us on Telegram

Follow us on Twitter

Follow us on Facebook

You might also like