Uranium Finance developer suspected of ‘leaking’ information leading to $50M exploit

Published at: April 28, 2021

The $50 million exploit of Uranium Finance, a decentralized finance protocol on Binance Smart Chain, may have been an inside job, according to a member of the project’s development team. 

The theory was put forward in Uranium Finance’s Telegram channel by a user named “Baymax,” who appears to be listed as an administrator. In a pinned post, Baymax explained that the security flaw leading to the exploit happened just two hours before version 2 of the protocol was launched. The suspicious timing of the exploit narrows down the list of potential perpetrators significantly.

Baymax explained:

“There are a total of 7 people in Uranium who knew of the exploit. Outside of Uranium would be the 3 auditors contractors and their respective sub cons who may be aware of this flaw.”

They continued:

“From the information that we gathered with the community input, it leans towards that someone leaked information that may have led to exploiters finding out about our vulnerabilities.”

No team members are listed on Uranium Finance’s official website, so it’s difficult to extrapolate further regarding how the exploit took place or who may have been responsible. 

Baymax urged the Telegram channel's over 4,100 members to message them directly and avoid any contact with other moderators or team members. In the meantime, affected users have also been asked to stop adding liquidity and to cash out if at all possible.

A separate Telegram group for victims of the attack has already been created, with over 1,200 members at the time of writing. In a pinned message, Baymax told affected users that they will provide further updates as they come. "[W]hales or users that lost more than $300K+ should pm me," they said.

The stolen funds are already on the move, with the perpetrator funneling millions through Tornado Cash, an Ethereum-based privacy tool.

Security exploits and hacks are nothing new for the cryptocurrency community. According to at least one estimate, there were 122 crypto-related hacks in 2020 alone, with the exploited assets worth billions at today’s prices.

Tags
Related Posts
DeFi hacks and exploits total $285M since 2019, Messari reports
Decentralized finan’s rising popularity since 2019 has seen the emerging market segment become a target for hackers and opportunistic profiteers. According to a report by crypto research company Messari, DeFi protocols have lost about $284.9 million to hacks and other exploit attacks since 2019. This figure is about 0.65% of the adjusted total value locked of the Ethereum-based DeFi market, according to data from DappRadar. In February Messari calculated that over $284 million in DeFi was lost to hacks since 2019 At this point in time, the decentralized insurance industry only covers a fraction of TVL in DeFi. The need …
Blockchain / April 29, 2021
DeFi attacks are on the rise — Will the industry be able to stem the tide?
The decentralized finance (DeFi) industry has lost over a billion dollars to hackers in the past couple of months, and the situation seems to be spiraling out of control. According to the latest statistics, approximately $1.6 billion in cryptocurrencies was stolen from DeFi platforms in the first quarter of 2022. Furthermore, over 90% of all pilfered crypto is from hacked DeFi protocols. These figures highlight a dire situation that is likely to persist over the long term if ignored. Why hackers prefer DeFi platforms In recent years, hackers have ramped up operations targeting DeFi systems. One primary reason as to …
Adoption / May 14, 2022
FBI issues alert over cybercriminal exploits targeting DeFi
The U.S Federal Bureau of Investigation (FBI) has issued a fresh warning for investors in decentralized finance (DeFi) platforms, which have been targeted with $1.6 billion in exploits in 2022. In an Aug. 29 public service announcement on the FBI's Internet Crime Complaint Center, the agency said the exploits have caused investors to lose money — advising investors to conduct diligent research about Defi platforms before using them, while also urging platforms to improve monitoring and conduct m rigorous code testing. The law enforcement agency warned that cybercriminals are out in force to take advantage of "investors' increased interest in …
Blockchain / Aug. 30, 2022
Crypto hacks are set to hit all-time highs in 2022, analyst explains
Reducing the amount of hacking by improving cybersecurity should be considered a top priority for the crypto industry, said Kim Grauer, director of research of blockchain intelligence firm Chainalysis. As pointed out by the firm, this year could outpace 2021 in terms of crypto stolen through hacks. The vast majority of these exploits have been targeting the field of decentralized finance. “This can't go on in the industry because people are going to lose faith in investing in DeFi platforms”, Grauer said in an interview with Cointelegraph. Unlike centralized exchanges, which have improved their resiliency to crypto hacks, decentralized protocols …
Blockchain / Oct. 19, 2022
Cross-chains in the crosshairs: Hacks call for better defense mechanisms
2022 has been a lucrative year for hackers preying on the nascent Web3 and decentralized finance (DeFi) spaces, with more than $2 billion worth of cryptocurrency fleeced in several high-profile hacks to date. Cross-chain protocols have been particularly hard hit, with Axie Infinity’s $650 million Ronin Bridge hack accounting for a significant portion of stolen funds this year. The pillaging continued into the second half of 2022 as cross-chain platform Nomad saw $190 million drained from wallets. The Solana ecosystem was the next target, with hackers gaining access to private keys of some 8000 wallets that resulted in $5 million …
Blockchain / Aug. 11, 2022