US Officials Seize $31M in Crypto Tied to Uranium Finance Hack

Nearly four years after the 2021 Uranium Finance exploit, the United States authorities have confiscated approximately $31 million in cryptocurrency tied to the attack. The Southern District of New York (SDNY) announced the seizure on X (formerly Twitter), crediting Homeland Security Investigations (HSI) in San Diego for its role in the recovery.

SDNY and @HSISanDiego seize cryptocurrency worth approximately $31 million related to April 2021 hack of Uranium Finance. If you believe you have been a victim of this hack, please contact UraniumVictims@hsi.dhs.gov.

— US Attorney SDNY (@SDNYnews) February 24, 2025

While announcing the recovery, US officials did not disclose any information about the perpetrators but encouraged affected users to reach out.

“If you believe you have been a victim of this hack, please contact UraniumVictims@hsi.dhs.gov,” SDNY stated in its post.

Uranium Finance Exploit

The security breach, which occurred in late April 2021, was among the most severe decentralized finance-related hacks at the time. Uranium Finance, a Binance Smart Chain-based platform modeled after Uniswap, was targeted during its upgrade to version 2 (V2).

The platform’s smart contract flaw allowed the attacker to manipulate balance calculations and extract funds from liquidity pools. The vulnerability stemmed from an error in the balance modifier logic, which artificially inflated token balances.

As a result, the hacker was able to drain approximately $50 million worth of crypto. The stolen assets included 80 BTC, 1,800 ETH, 17.9 million BUSD, 5.7 million USDT, 638,000 ADA, 26,500 DOT, 34,000 wBNB, and 112,000 U92, Uranium’s native token.

To cover their tracks, the hackers laundered the stolen assets using Tornado Cash, a privacy-focused Ethereum mixer. They also used AnySwap, a cross-chain bridge facilitating fund transfers from Binance Smart Chain to Ethereum.

Ongoing Investigations and Recovery Efforts

Since the breach, authorities have been tracking the stolen funds. The hacker attempted to launder them through various methods, including deposits into centralized exchanges. Unusually, some of the stolen assets were reportedly used to purchase rare Magic: The Gathering cards.

Moreover, the timing of the exploit raised concerns as it happened shortly after the platform launched V2. The concerns deepened when Uranium’s contract repository was removed from GitHub, especially since the platform had already faced a $1.3 million breach in version 1 earlier that month.

Despite these challenges, authorities recovered $31 million, demonstrating their growing ability to trace illicit funds. Even as cybercriminals employ advanced laundering techniques, law enforcement continues to enhance its ability to track and seize stolen assets.