In a significant move against cryptocurrency crime, U.S. authorities have seized $31 million in crypto assets linked to the 2021 hack of the decentralized finance (DeFi) platform Uranium Finance.
This recovery follows a well-coordinated investigation by the U.S. Attorney’s Office for the Southern District of New York (SDNY) and Homeland Security Investigations in San Diego. The SDNY shared the details of this operation in a tweet this past Monday.
On April 28, 2021, Uranium Finance suffered a significant hack. Attackers exploited a weakness in the platform’s smart contracts to inflate balances and siphon off $50 million in various cryptocurrencies.
The loot included a substantial $36.8 million in BNB (BNB) and Binance USD (BUSD) stablecoin. Alongside these, the hackers also made off with Bitcoin (BTC), Ethereum (ETH), Polkadot (DOT), Cardano (ADA), and U92, Uranium’s own token.
The DeFi platform, which has since become defunct, was targeted during its transition to V2.1 of its protocol.
The entry point was a critical security flaw in the platform’s pair contracts, which manage liquidity in its automated market maker (AMM). This flaw allowed the attacker to drain almost all assets from the protocol.
For those unfamiliar, AMMs are essential to decentralized exchanges. They empower users to trade cryptocurrencies directly with each other using pooled assets, cutting out the need for traditional order books.
After the successful theft, the hacker embarked on a laundering process, initially utilizing Tornado Cash, an Ethereum-based coin mixer, to obscure the funds’ origin. From there, the funds were moved to centralized exchanges, creating a deliberately tangled web for investigators to unravel.
To assist those affected by this incident, authorities have established a dedicated email address and are urging victims to come forward and report their losses.
Ever since the attack, Uranium Finance’s website and social media channels have remained conspicuously silent. This lack of communication left investors in limbo until this recent development of recovered funds.
A crucial figure in piecing together the complex laundering operation was the pseudonymous on-chain crypto investigator, ZachXBT.
In a tweet posted today, ZachXBT referenced his in-depth report from December 2023. This report detailed how the stolen cryptocurrency was channeled through Tornado Cash and, surprisingly, later used to purchase valuable “Magic: The Gathering” trading cards.
“Magic: The Gathering” cards are more than just collectibles; they’re part of a popular strategy card game, with certain rare editions commanding surprisingly high prices.
ZachXBT’s December investigation brought to light that the hacker withdrew over 11,200 ETH (Ethereum), then valued at $25 million, from the coin mixer. These funds were shuffled through numerous crypto addresses before millions were spent acquiring trading cards, which were subsequently shipped to a broker located in the U.S.
The process involved converting ETH into its wrapped token (WETH) and then back to ETH, a maneuver designed to obscure the trail and evade the standard anti-money laundering (AML) detection systems used by exchanges.
Beyond his work unraveling the Uranium Finance exploit, ZachXBT has consistently played a crucial role in exposing those behind other significant crypto attacks, establishing himself as a key figure in crypto security.
For instance, his insightful analysis was instrumental in identifying the culprits behind the recent Bybit exchange hack. This incident stands as one of the most massive in crypto history, with over $1.4 billion in digital assets stolen.
His analysis in the Bybit case traced the attack back to the Lazarus Group, the North Korean hacking collective known for orchestrating numerous high-profile crypto heists in recent years.