January 31, 2023

icpvr

icpvr

The Uranium Finance project lost $50 million in Ethereum due to vulnerability

On the night of April 28, the Uranium Finance cryptocurrency project was attacked. Preliminary damage is estimated at $50 million.

Uranium Finance is based on the Binance Smart Chain blockchain and is working on creating an improved automated market maker protocol.

On April 28, the developers planned to migrate the assets of liquidity providers to a new version of the protocol. However, a vulnerability arose in the process, due to which hackers gained access to user funds.

A Twitter user under the pseudonym BeTheb0x drew attention to an error in the code of the new fork:

“Thus, 1 wei of the incoming token can be exchanged for 98% of the total balance of the outgoing token,” he wrote.

Representatives of the project confirmed the incident:

“The migration of Uranium Finance has been exploited. The following address contains $50 million. Now it is important to keep these funds in BSC. Immediately send Binance tweets with this address and ask them to stop the transfers.”

The hacker withdraws Ethereum from the wallets of the project through the Tornado Cash mixer.

The developers of Uranium Finance contacted Binance security specialists to solve the problem.

Recall that in March, an unknown person hacked the blockchain platform for the release of “social money” Roll and stole 3,000 ETH (~ $5.7 million)