Entries related to Uranium Finance

December 7, 2023

Uranium Finance hacker cashes out in Magic: The Gathering cards

Stacks of <i>Magic: The Gathering - Fallen Empires</i> booster boxes

Magic: The Gathering booster boxes (attribution)

In April 2021, an attacker stole $50 million from the defi exchange Uranium Finance. Blockchain investigator zachxbt now says that he believes this attacker has been able to cash out his ill-gotten funds... in an unusual way.

After tracing the attacker's attempts to launder the money through Tornado Cash and then obfuscate that it had come from the mixing service (something that raises flags at some exchanges), zachxbt observed the funds go to a broker of Magic: The Gathering based in the United States. Altogether, the hacker appeared to be spending millions on starter decks, alpha sets, and sealed boxes — often overpaying by 5-10%. These items routinely sell for hundreds or thousands of dollars.

The thief is probably a creative money launderer rather than an massive MTG fan, and is probably reselling the cards to further obscure the source of the money. Then again, MTG is more than a little addictive.

Tweet thread by zachxbt [archive]

April 28, 2021

Uranium Finance is drained of $50 million in hack

(attribution)

A bug in Uranium Finance, a DeFi exchange based on Binance Smart Chain, allowed an attacker to drain the liquidity pools for multiple token pairs. Uranium had just commissioned an audit which uncovered the bug, but the attack occured two hours before the patch went live. An apparent member of Uranium's development team wrote that they believed the attack had been the result of leaked information.

"Binance Chain DeFi Exchange Uranium Finance Loses $50M in Exploit", Coindesk
"Uranium Finance developer suspected of 'leaking' information leading to $50M exploit", Cointelegraph

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.