U.S. authorities have successfully recovered $31 million in cryptocurrency linked to the 2021 Uranium Finance hack, marking a major breakthrough in combating crypto-related crimes. The recovery resulted from joint efforts between the U.S. Attorney's Office for the Southern District of New York and Homeland Security Investigations in San Diego.
The April 2021 hack exploited vulnerabilities in Uranium Finance's smart contracts during the platform's upgrade to version V2.1. The attack drained approximately $50 million in various cryptocurrencies, including Bitcoin, Ethereum, BNB, Binance USD, Polkadot, Cardano, and Uranium's native token U92.
The attacker exploited a bug in the platform's pair contracts, which manage liquidity pairs in its automated market maker system. This vulnerability allowed them to inflate the platform's balance and withdraw nearly all assets from the protocol.
After the theft, the hacker attempted to obscure the trail by using Tornado Cash, an Ethereum-based coin mixer, before moving funds to centralized exchanges. On-chain investigator ZachXBT played a key role in tracking the stolen funds, revealing that the hacker converted approximately 11,200 ETH (worth $25 million) through multiple addresses and spent millions on "Magic: The Gathering" trading cards.
The U.S. authorities have established a dedicated email address (UraniumVictims@hsi.dhs.gov) for victims to report their losses. While the $31 million recovery represents progress, it accounts for roughly 62% of the total stolen funds.
The platform's website and social media channels have remained inactive since the incident, leaving investors without updates until this recent development. This recovery demonstrates advancing capabilities of law enforcement in tracking and seizing stolen cryptocurrency assets, despite sophisticated attempts at concealment.