{"id":41552,"date":"2021-04-28T13:42:29","date_gmt":"2021-04-28T10:42:29","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=41552"},"modified":"2025-08-30T19:16:24","modified_gmt":"2025-08-30T16:16:24","slug":"uranium-finance-project-loses-50-million-in-ethereum-due-to-vulnerability","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/uranium-finance-project-loses-50-million-in-ethereum-due-to-vulnerability\/","title":{"rendered":"Uranium Finance project loses $50 million in Ethereum due to vulnerability"},"content":{"rendered":"<p>In the early hours of April 28, the Uranium Finance cryptocurrency project came under attack. Preliminary damage is estimated at $50 million.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"en\">(1\/2)\u203c\ufe0f Uranium migration has been exploited, the following address has 50m in it The only thing that matters is keeping the funds on BSC, everyone please start tweeting this address to Binance immediately asking them to stop transfers.<\/p>\n<p>\u2014 Uranium Finance (@UraniumFinance) <a href=\"https:\/\/twitter.com\/UraniumFinance\/status\/1387245696454041600?ref_src=twsrc%5Etfw\">April 28, 2021<\/a><\/p>\n<\/blockquote>\n<p><script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Uranium Finance is built on the Binance Smart Chain and is developing an enhanced automated market-maker protocol.<\/p>\n<p>On April 28, developers planned to migrate liquidity-provider assets to the new version of the protocol. However, a vulnerability arose in the process, allowing hackers to access users&#8217; funds.<\/p>\n<p>A Twitter user going by the handle BeTheb0x drew attention to a bug in the code of the new fork:<\/p>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"en\">Now here\u2019s the code used by the Uranium devs:<\/p>\n<p>See the difference? 1000 was changed to 10000 in two places but not the end. The result? You could swap 1 wei of the input token for 98% of the total balance of the output token. <a href=\"https:\/\/t.co\/c8pRD55Fe9\">pic.twitter.com\/c8pRD55Fe9<\/a><\/p>\n<p>\u2014 Kyle \u00ab1B TVL\u00bb Kistner | Fulcrum | bZx (@BeTheb0x) <a href=\"https:\/\/twitter.com\/BeTheb0x\/status\/1387288339384991745?ref_src=twsrc%5Etfw\">April 28, 2021<\/a><\/p>\n<\/blockquote>\n<p><script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<blockquote>\n<p>\u201cThus you could swap 1 wei of the input token for 98% of the total balance of the output token,\u201d he wrote.<\/p>\n<\/blockquote>\n<p>Representatives of the project confirmed the incident:<\/p>\n<blockquote>\n<p>\u201cThe Uranium Finance migration has been exploited. The following <a href=\"https:\/\/bscscan.com\/address\/0x2b528a28451e9853f51616f3b0f6d82af8bea6ae\" target=\"_blank\" rel=\"noopener\">address<\/a> contains $50 million. It is crucial to keep these funds on the BSC now. Please tweet Binance immediately with this address and ask them to stop transfers.\u201d<\/p>\n<\/blockquote>\n<p>The hacker is moving Ethereum out of the project&#8217;s wallets via the Tornado Cash mixer.<\/p>\n<blockquote class=\"twitter-tweet\" data-conversation=\"none\">\n<p dir=\"ltr\" lang=\"en\">And here are the transactions with 100s of ETH coming in, and then being send out to Tornado Cash shortly afterwards to clean it up.<\/p>\n<p>Millions of dollars worth of ETH :X <a href=\"https:\/\/t.co\/p1gzwPIBdj\">pic.twitter.com\/p1gzwPIBdj<\/a><\/p>\n<p>\u2014 MyCrypto.com (@MyCrypto) <a href=\"https:\/\/twitter.com\/MyCrypto\/status\/1387271853731844099?ref_src=twsrc%5Etfw\">April 28, 2021<\/a><\/p>\n<\/blockquote>\n<p><script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The Uranium Finance developers have contacted Binance security specialists to resolve the issue.<\/p>\n<p>Earlier in March, an unknown attacker hacked the Roll blockchain platform that issues \u201csocial money\u201d and <a href=\"https:\/\/u1f987.com\/en\/news\/blockchain-platform-for-issuing-social-money-hacked-for-5-7-million\">stole 3,000 ETH (~$5.7 million)<\/a>.<\/p>\n<p>Follow ForkLog\u2019s news on <a href=\"https:\/\/twitter.com\/ForkLog\" target=\"_blank\" rel=\"nofollow noopener\">Twitter<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In the early hours of April 28, the Uranium Finance cryptocurrency project came under attack. Preliminary damage is estimated at $50 million.<\/p>\n","protected":false},"author":1,"featured_media":41553,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1301,1307,1154,268],"class_list":["post-41552","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-blockchain-vulnerabilities","tag-bnb-chain","tag-crimes","tag-hardfork"],"aioseo_notices":[],"amp_enabled":true,"views":"24","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/41552","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=41552"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/41552\/revisions"}],"predecessor-version":[{"id":41554,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/41552\/revisions\/41554"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/41553"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=41552"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=41552"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=41552"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}