Uranium Finance Hack 2021 — $50M Exploit Analysis

A miscalculation in Uranium Finance's v2 migration code left a factor-of-100 error in the AMM balance check, enabling $50M to be drained.

Details

Full Description

During migration to Uranium v2, a critical bug introduced a 100x error in the balance calculation used to verify trade validity. An attacker discovered this and exploited it to extract nearly all assets from the liquidity pools in a single transaction. The exploit was simple: unbalanced swaps passed due to the miscalculation.

Laundering Analysis

Stolen funds converted to BUSD and BTC. BTC portion moved through Bitcoin mixers. BUSD portion exchanged for ETH on Ethereum via bridges and laundered via Tornado Cash. Uranium Finance team never recovered funds and no attacker identified. Protocol shut down.

Sources

Transaction Hashes

Related Hacks

Back to Browse