US authorities have seized $31 million worth of cryptocurrency linked to the April 2021 hack of Uranium Finance, a now-defunct DeFi platform.
The seizure was the result of a collaborative investigation by the US Attorney’s Office for the Southern District of New York (SDNY) and Homeland Security Investigations (HSI) in San Diego. Officials have not disclosed the identities of the hackers but urged victims of the attack to come forward.
What We Know So Far?
The announcement came in a post on X (Twitter) by the SDNY on February 24. However, no additional details were provided regarding how the funds were recovered or whether arrests have been made.
A spokesperson for SDNY declined to comment when approached by CoinDesk.
A Major Attack on the DeFi Sector
Uranium Finance, a DEX built on Binance’s BNB Chain, suffered a devastating security breach in April 2021.
The attacker exploited a flaw in the platform’s smart contract, allowing them to steal approximately $50 million in various cryptocurrencies. At the time, this was one of the largest hacks in DeFi history.
The platform was a fork of SushiSwap, another popular decentralized exchange. However, Uranium Finance’s developers failed to correctly implement the necessary changes in the code, leaving a vulnerability that the hacker exploited.
By manipulating the smart contract’s balance, the attacker was able to inflate their holdings by a factor of 100 and drain funds from the platform.
How the Stolen Funds Were Laundered
After the attack, the hacker moved the stolen funds through Tornado Cash. Investigations by blockchain analysts, including the well-known pseudonymous researcher ZachXBT, suggested that the hacker also used unconventional methods to launder funds, including purchasing and selling “Magic: The Gathering” trading cards.
The breach ultimately led to the shutdown of Uranium Finance. The project’s website went offline on April 28, 2021, and its official X account has remained inactive since April 30 of that year. Victims of the attack were left without recourse, as no refunds or compensation were provided.
A Pattern of Vulnerabilities
This was not the first security incident involving Uranium Finance. Earlier in April 2021, just days before the major hack, another vulnerability was exploited in the platform’s first version, resulting in the theft of $1.3 million worth of Binance Coin and Binance USD.
The developers attempted to address the issue by launching a second version of the platform on April 16, but this too was exploited within 12 days.
Some members of the crypto community speculated that the attack may have been an inside job. A Discord administrator for Uranium Finance had suggested as much at the time of the breach, though no conclusive evidence has been found to support the claim.
The Significance of the Seizure
While the $31 million seizure represents a partial recovery of the stolen funds, it remains unclear whether authorities will be able to reclaim the full $50 million lost in the hack.
The incident highlights ongoing security risks in the DeFi sector, where smart contract vulnerabilities have led to numerous large-scale attacks in recent years.
Authorities have urged victims to come forward as they continue their investigation. The case also underscores the growing capabilities of law enforcement in tracking and recovering stolen crypto assets, even years after an attack takes place.
Also Read: Entire $1.4 Billion Crypto Stolen In Bybit Hack Likely To Be Laundered Through Mixers