One of the wallets related to the $50 million exploit of Uranium Finance in April 2021 seems to have awoken after 647 days of dormancy, with funds headed in direction of crypto mixer Tornado Cash.
The sudden transfer was highlighted on Mar 7 by cybersecurity corporations PeckShield and CertiK on their respective alert accounts on Twitter.
#PeckShieldAlert After 647 days, @UraniumFinance hacker began transfer 2250 ETH (~$3.35m) stolen funds into @TornadoCash. On April 28, 2021, the hacker drained roughly $50 million price of tokens from Uranium’s “pair contracts”. https://t.co/mBhMxmAdS5 pic.twitter.com/OOF3R0w3ll
— PeckShieldAlert (@PeckShieldAlert) March 7, 2023
According to knowledge from Etherscan, the hacker moved the two,250 Ether (ETH), price $3.35 million, over a seven-hour interval in transactions starting from 1 ETH to 100 ETH — with all of the funds heading to Tornado Cash.
This is, nonetheless, simply one of many wallets related to the hacker. Another Ethereum pockets linked to the hacker exhibits it was final energetic 159 days in the past, with 5 ETH being despatched to privacy-focused Ethereum zk-rollup on Aztec.
This marks yet one more event in 2023 wherein a hacker’s pockets has come out of dormancy after a prolonged hiatus. In January, the Wormhole hacker moved round $155 million price of ETH nearly a yr after exploiting the Wormhole bridge for $321 million in early 2022.
The similar month, a infamous hacker dubbed the “blockchain bandit” additionally moved round $90 million after a six-year slumber.
In February, the Wormhole hacker moved one other $46 million price of stolen funds, whereas standard blockchain sleuth ZachXBT highlighted through Twitter on Feb. 23 that “dormant funds left over” from the April 2018 $230 million Gate.io change hack by “North Korea began to move after over 4.5 years.”
Dormant funds left over from the April 2018 Gate $230m hack by North Korea started to transfer after over 4.5 years.
0xff8E0c9Cf3d7C0239aB157eC2D56bC1cFcD80757
A small quantity was deposited to MEXC 10 hrs in the past. pic.twitter.com/iHhniTtVIM
— ZachXBT (@zachxbt) February 22, 2023
Binance Smart Chain-based automated market maker Uranium Finance was exploited on April 28, 2021. The hack itself was reportedly the results of a coding vulnerability that allowed the hacker to siphon $50 million throughout Uranium’s v2.1 protocol launch and token migration occasion.
The platform seemingly shut down shortly after the hack, with its final tweet revealed on April 30, 2021, urging customers to take away funds from its numerous liquidity swimming pools.
Please learn our newest medium article : “Last rewards of the money pot, please remove funds from pools” :https://t.co/W5uw0DUSXS
— Uranium Finance (@UraniumFinance) April 29, 2021
Unanswered questions
It can be price noting that on April 28, 2021, somebody claiming to be a member of the undertaking’s improvement staff urged within the Uranium Discord channel that the hack could have been an inside job.
They outlined that solely a small variety of staff members knew of the safety flaw prior to the v2.1 protocol launch, and questioned the suspicious timing of the hack being simply two hours earlier than launch.
Since then, experiences have gone chilly on the undertaking and its victims. However, Binance discussion board posts from final October recommend that customers have been disregarded within the chilly.
Related: 7 DeFi protocol hacks in Feb see $21 million in funds stolen: DefiLlama
On Oct. 26, User “RecoveryMad” made a put up asking for a follow-up on the hack, and famous that the particular person representing the Uranium staff locally Telegram had “vanished.”
In response, consumer “nofiatnolie” claimed that “No investigation was performed. It was swept up under the rug. There are still victim groups with no answers and crowd-sourced investigations [are] pointing at the developers of Uranium and others as the suspects.”