BSC | Uranium platform hacked: The Block, PeckShield explain actual losses


According to Uranium's official statement, the attack occurred during the migration process from the previous protocol to version V2.1. According to research by The Block's analyst Igor Igamberdiev, the hack may be related to a vulnerability in a specific contract within the Uranium V2 trading pair.

Reasons behind the Uranium Finance Hack

According to Uranium's official statement, the attack occurred during the migration from the previous protocol to version V2.1. According to The Block researcher Igor Igamberdiev, the hack may be related to a vulnerability in one of the pairs in the Uranium V2 trading contracts.

Funds Compromised:

– 34k WBNB $18M
– 17.9M BUSD $17.9M
– 1.8k ETH $4.7M
– 80 BTC $4.3M
– 26.5k DOT $0.8M
– 638k ADA $0.8M
– 5.7M USDT $5.7M
– 112k U92

As per Igor Igamberdiev, WBNB and BUSD are still trapped in the hacker's contract and cannot be withdrawn due to certain issues.

Security audit firm PeckShield confirmed Igor Igamberdiev's findings, stating in its report that when the liquidity pool lends funds to users through flash loans, the contract's swap function has a precision-handling error in the step that checks the contract balance against the constant product formula. As a result, the balance the contract calculates is 100 times greater than the actual balance. In other words, an attacker who uses the flash loan function to borrow from Uranium's pair contract only needs to repay 1% of the borrowed amount to pass the check, while the remaining 99% is pocketed by the attacker, resulting in losses to Uranium's liquidity pool.
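The scale mismatch PeckShield describes can be modelled as a Uniswap-V2-style invariant check. The following is an added example, not Uranium's contract code or PeckShield's analysis: the balance scale of 10,000, the check scale of 1,000, the fee of 16 and the pool numbers are assumptions chosen to reproduce the 100x factor. It compares the mismatched check with a consistent one on a constructed ordinary swap and a constructed underpaid one, the kind of regression test that would flag the error before deployment.

```python
from fractions import Fraction

# Assumed constants: the page gives only the 100x factor, not the contract's numbers.
ADJ_SCALE = 10_000   # scale applied to balances before the fee is subtracted
FEE = 16             # swap fee in units of 1/ADJ_SCALE (assumed)


def k_check(reserves, balances, amounts_in, k_scale):
    """Constant-product check run at the end of a swap.

    Returns True when the fee-adjusted balance product is at least the
    old reserve product scaled by k_scale**2. The check is only sound
    when k_scale equals ADJ_SCALE.
    """
    adj0 = balances[0] * ADJ_SCALE - amounts_in[0] * FEE
    adj1 = balances[1] * ADJ_SCALE - amounts_in[1] * FEE
    return adj0 * adj1 >= reserves[0] * reserves[1] * k_scale ** 2


def accepted_product_floor(k_scale):
    """Smallest fraction of the old reserve product the check accepts (fees ignored)."""
    return Fraction(k_scale ** 2, ADJ_SCALE ** 2)


def swap_allowed(reserves, amounts_out, amounts_in, k_scale):
    """Apply the optimistic transfer out and the repayment in, then run the check."""
    balances = tuple(r - o + i for r, o, i in zip(reserves, amounts_out, amounts_in))
    return k_check(reserves, balances, amounts_in, k_scale)


# Constructed sample data: (amounts_out, amounts_in) for a two-token pool.
RESERVES = (1_000_000, 1_000_000)
FAIR = ((9_000, 0), (0, 10_000))          # ordinary swap, product goes up
UNDERPAID = ((980_000, 0), (0, 10_000))   # removes 98% of token0 for a small payment

if __name__ == "__main__":
    for name, k_scale in (("mismatched", 1_000), ("consistent", ADJ_SCALE)):
        print(name,
              "floor:", accepted_product_floor(k_scale),
              "fair:", swap_allowed(RESERVES, *FAIR, k_scale),
              "underpaid:", swap_allowed(RESERVES, *UNDERPAID, k_scale))
```

With the mismatched scale the accepted floor is 1/100 of the original product, so the underpaid swap passes; with the consistent scale the floor is 1 and the same swap is rejected.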

After executing the attack, the hacker converted DOT and ADA tokens on the BSC chain to ETH (BEP-20 version) using the BSC-based decentralized exchange PancakeSwap, and then converted the BEP-20 version of ETH to the Ethereum version of ETH through the cross-chain asset protocol AnySwap. After successfully transferring the ETH to Ethereum, the hacker moved these funds (2,438 ETH) to the privacy mixer Tornado Cash, making it difficult to trace these illicit gains.

Furthermore, the hacker also used AnySwap to transfer 80 BTC (BEP-20 version) off the BSC blockchain.

According to The Block's report, Uranium's contract code was removed from GitHub for unknown reasons, raising suspicions about whether the attack was an inside job or orchestrated by external hackers.