Posted on April 29, 2021 at 6:25 PM
Insider Suspected In $50 Million Hacking Of Uranium Finance
Cryptocurrency project Uranium Finance has reportedly lost $50 million in Ethereum due to a hacking incident. Vulnerability in the new version of the protocol gave the threat actors access to steal the Ethereum fund that was to be transferred to the protocol.
Uranium Finance went to its official Twitter handle to announce the attack on Wednesday. Uranium is an automated market maker (AMM) that claims to offer daily dividends to its users.
According to research analyst Igor Igamberdiev, the balances of pair contracts on the Uranium protocol were inflated by 100 folds more than usual as the hackers took advantage of the vulnerability.
Binance asked to freeze the account holding the stolen fund
The report revealed that the threat actors Ethereum privacy tool Tornado cash to move 2,400 ETH ($6.4 million) of the funds.
Details from BscScan reveals that the hacker’s contract still holds 17.9 million BUSD and 34,000 WBNB (with a combined worth of $37 million). Other stolen funds include 80 Bitcoin (BTC), 26,500 Polkadot (DOT), 638,000 Cardano (ADA), and 5.7 million Tether (USDT).
Since the project is powered by the Binance Smart Chain contract, its developers have appealed to Binance to freeze the account after providing the address the fund was transferred to.
In the meantime, Uranium has asked users to use their Binance account to report the stolen funds. “If you have a Binance account please log in and immediately report stolen funds with this address,” Uranium said.
Earlier this month, a similar hacking incident occurred where the DAO token fell heavily due to an attack on the DeFi Force DAO. The threat actors exploited the vulnerability of the system and withdrew funds without any barrier, causing an estimated loss of $367,000.
The token collapsed by 93%, falling from a high of $2.30 to $0.17 within days of the attack.
Threat actor hacked protocol before migration
The report has also noted that the protocol admins are aware of the vulnerability that forced them to want to migrate to the v2.1 protocol. Unfortunately, the hackers exploited the system two hours before the migration is initiated.
The project developers revealed that it was working with the Binance team to prevent the threat actors from stealing more funds.
They also said they are ready to discuss with the threat actors for ransom or any workable modality before things go out of hand.
The users of the protocol didn’t take the hacking incident likely, with some commenting that such an exploit has occurred twice now.
Hacking incident suspected to be an insider job
The protocol suffered a similar hacking incident when hackers stole $1.3 million worth of BUSD and BNB. However, some strongly believed that the latest incident was possibly from an insider.
A Uranium Finance administrator with the username “Baymax” posted the information about the hacking incident on the protocol’s Telegram channel. He explained that the suspicious timing of the hacking incident indicates that it could be from those who know about the flaw.
According to “Baymax”, about 7 people in Uranium are aware of the vulnerability. The fact that it was exploited barely two hours before the movement shows a suspicious play within the protocol’s community.
The administrator also said 3 additional people who are contractors may be aware of the flaw.
It means that someone may have “leaked information that may have led to exploiters finding out about our vulnerabilities,” the Baymax stated.
But it’s difficult to tell exactly how to explain how the exploit was carried out since the Uranium Finance website does not list any team members of the platform.
Users advised contacting only Uranium Finance directly
For security reasons, Baymax advised the over 4,000 members of the Telegram channel to avoid contacting any team member or moderator, but rather message them directly if they need to.
Also, users who are affected by the hack have been advised not to add any more funds to the protocol to avoid any future incident until the issue is resolved. They are also asked to cash out their funds if possible.
The protocol has created a Telegram group for victims of the hacking incident, with more than 1,200 members already members as of press time. Baymax has assured users that more updates will be provided as soon as they are received.