Uranium Finance, an automated market maker platform on the Binance Smart Chain, has reported a security incident that resulted in a loss of about $50 million.
Tweeting on Wednesday, Uranium revealed that the exploit targeted its v2.1 token migration event and that the team was in contact with the Binance security team to mitigate the situation.(1/2)‼️ Uranium migration has been exploited, the following address has 50m in it The only thing that matters is keeping the funds on BSC, everyone please start tweeting this address to Binance immediately asking them to stop transfers.— Uranium Finance (@UraniumFinance) April 28, 2021
The hacker reportedly took advantage of bugs in Uranium’s balance modifier logic that inflated the project’s balance by a factor of 100.
This error reportedly allowed the attacker to steal $50 million from the project. As of the time of writing, the contract created by the hacker still holds $36.8 million in Binance Coin (BNB) and Binance USD (BUSD).
The remaining stolen funds include 80 Bitcoin (BTC), 1,800 Ether (ETH), 26,500 Polkadot (DOT), 5.7 million Tether (USDT), as well as 638,000 Cardano (ADA) and 112,000 u92, the project's native coin.
Details from BscScan show the attacker swapping the ADA and DOT tokens for ETH, upping the Ether stash to about 2,400 ETH.
Meanwhile, the alleged mastermind of the theft has already moved 2,400 ETH, worth about $5.7 million, using the Ethereum privacy tool Tornado Cash.
Data from Ethereum chain monitoring service Etherscan shows the funds moving in 100 ETH sums, with the cross-chain decentralized exchange bridge AnySwap used to migrate funds from BSC to the Ethereum network.Source: Etherscan
According to Uranium, the project has reached out to the Binance security team to prevent the hacker from moving more funds out of the BSC ecosystem.
Binance did not immediately respond to Cointelegraph’s request for comment. A spokesperson for...