Key Takeaways
- The hacker moved 2,250 Ether over a seven-hour period to Tornado Cash
- Uranium Finance lost $50 million in April 2021 after the hacker took advantage of a vulnerability in Uranium’s v2 contracts.
A wallet tied to the $50 million exploit of market maker platform Uranium Finance in 2021 has moved 2,250 Ether worth $3.35 million after being dormant for over 600 days.
The movement was first flagged by blockchain security firm PeckShied on Twitter. As per Etherscan data, the hacker moved 2,250 Ether over a seven-hour period in transactions ranging from 1 ETH to 100 ETH — with all the funds directed towards crypto mixer Tornado Cash.
Another Ethereum wallet linked to the Uraninum Finance hacker was last active 159 days ago. According to Etherscan data, the hacker had then moved 5 ETH and sent it to privacy-focused Ethereum zk-rollup on Aztec.
Dormant wallets tied with million dollars exploit suddenly being active is becoming an increasingly common phenomenon in the crypto space. In February, on-chain data revealed that $46 million of stolen funds had just shifted from the Wormhole hacker’s wallet. Earlier this year, a Satoshi-era bitcoin address moved $9.6 million in BTC after 11 years.
The Binance Smart Chain Uniswap clone, Uranium Finance, lost $50 million in April 2021 after the hacker took advantage of a vulnerability that has been present in Uranium’s v2 contracts. After sending the minimum required tokens into Uranium’s “pair contracts,” the attacker drained the liquidity pools for multiple token pairs; a misplaced zero in the contract’s balance field creating an open door for the attacker to strike.
A few days before the $50 Million hack, the market maker was victim to another exploit, with the attackers stealing about $1.3 million worth of BUSD and BNB. The $50 Million hack was also the subject of hot controversy since a project development team member had claimed that the hack may have been an inside job.
The Telegram user “Baymax” claiming to be part of the project had then argued that since the vulnerability that led to the exploit happened merely 2 hours before version 2 of the protocol was launched, the chances of the exploit being an inside job were high.