The Uranium Finance platform faced a series of attacks this Tuesday, April 27. During the attack, the stealth of the funds in bitcoin, ether, and other cryptocurrencies happened, leaving the platform vulnerable.
About $ 50 million disappeared during the hack into a decentralized finance (DeFi) protocol that runs on Binance’s smart contract-focused blockchain, the Binance Smart Chain. (BSC).
The affected platform was Uranium Finance, a fork of the SushiSwap protocol that runs on the Ethereum blockchain. The attack occurred on the night of this Tuesday, April 27, during the protocol migration to version 2.1. Uranium Finance itself reported it through its Twitter account:
“The Uranium migration has been exploited,” wrote the DeFi team, who also shared the address where the stolen funds met their destiny.
“The most important mission and the one that matters is keeping the funds in BSC. Everyone, please start sending this address to Binance on Twitter, asking them to stop making transfers, “added those responsible for the protocol.”
In total, the attackers took out funds locked in Uranium Finance in cryptocurrencies such as bitcoin, ether (ETH), Binance USD (BUSD), Cardano (ADA), Polkadot (DOT), Binance Coin (BNB), and the platform’s native token, Uranium U92. The developers of Uranium Finance did not explain details about how the attack that caused the theft of the funds blocked in their protocol came to fruition.
According to Kyle Kistner, co-founder of bZx, another DeFi protocol that works on Ethereum, it was due to a change in the source code of SushiSwap – forked by Uranium – that allowed attackers to appropriate 98% of the funds in the affected direction.
The attacker (s) transferred the funds to the Ethereum chain, exchanged for ether (ETH), and used a mixing service to eradicate the trail of the stolen money. However, the original Binance Smart Chain address still holds over $ 30 million worth of cryptocurrencies, while the Ethereum address used for the mix appears to be belonging to the Etherscan hack.
Attack on DeFi Becomes a Usual Event
DeFI has suffered many previous attacks. Uranium is not the first DeFi making life on the Binance Chain, the largest exchange by volume of trade in the bitcoin and cryptocurrency ecosystem.
At the beginning of March, the media covered the news on the alleged hack to Meerkat Finance, which caused losses of about 30 million dollars. Shortly after, an attack on the web servers of their platforms compromised two other BSC DeFi: PancakeSwap and Cream Finance.
Attacks on DeFi platforms have become a familiar and very usual phenomenon, with victims such as Yearn Finance, Cover, or Warp Finance among the most recent. In all cases, the attackers achieved the acquisition of a millionaire loot.
By: Jenson Nuñez