A miscalculation in Uranium Finance's v2 migration code left a factor-of-100 error in the AMM balance check, enabling $50M to be drained.
During migration to Uranium v2, a critical bug introduced a 100x error in the balance calculation used to verify trade validity. An attacker discovered this and exploited it to extract nearly all assets from the liquidity pools in a single transaction. The exploit was simple: unbalanced swaps passed due to the miscalculation.
Stolen funds converted to BUSD and BTC. BTC portion moved through Bitcoin mixers. BUSD portion exchanged for ETH on Ethereum via bridges and laundered via Tornado Cash. Uranium Finance team never recovered funds and no attacker identified. Protocol shut down.
0x5a504fe72ef7fc76dfeb4d979e533af4e23fe37e90b5516186d5ae932c5610