Uranium hacker starts laundering $50m plunder almost two years later
One of the wallets associated with the 2021 Uranium Finance hacker has finally reawakened, transferring 2250 Ethereum (ETH) (~$3.35 million) to Tornado Cash.
The hacker’s address 0xC47BdD0A852a88A019385ea3fF57Cf8de79F019d, labeled as “Uranium hacker” on Etherscan, has finally been activated. In the past nine hours, the hacker has made 33 transactions to Tornado Cash, a decentralized protocol for private transactions on Ethereum.
Sixteen transactions were 100 ETH, and the others ranged from 0 to 10 ETH. Another wallet associated with the Uranium hacker has been labeled “Uranium Finance hacker” on Etherscan. It has been inactive for 153 days, making its last transaction to Aztec, a privacy-first zk-rollup on Ethereum.
On April 28, 2021, a hacker attacked Uranium Finance and got away with $50 million worth of tokens from the company’s “pair contracts.”
The Uranium hacker exploited a coding error as the AMM migrated to its v2.1 upgrade. According to CertiK, Uranium Finance shifted balance0 and balance1 from 1000 to 10,000 but neglected to update the third instance. As a result, the hacker drained $50 million worth of tokens from the company.
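A property test on the swap check is one way to catch the kind of constant mismatch CertiK describes. The following is an added example, not Uranium Finance's contract code: a simplified Python model that assumes a Uniswap-v2-style constant-product check, with `FEE`, the function names and the sample pool all constructed for illustration.

```python
# Added example: simplified model of a Uniswap-v2-style pair's swap check.
# Not Uranium Finance's contract code; FEE and the sample pool are constructed.

FEE = 16  # assumed swap fee, in units of 1/balance_scale of the input


def swap_passes(reserves, amount0_in, amount1_out, balance_scale, reserve_scale):
    """Model of the post-swap check: scaled balances vs. scaled reserves.

    balance_scale is applied to balance0 and balance1 (the two updated uses);
    reserve_scale is the third use, applied to the reserves side.
    """
    r0, r1 = reserves
    b0, b1 = r0 + amount0_in, r1 - amount1_out
    if b1 <= 0:
        return False
    adj0 = b0 * balance_scale - amount0_in * FEE
    adj1 = b1 * balance_scale  # this model takes no token1 input
    return adj0 * adj1 >= r0 * r1 * reserve_scale ** 2


def invariant_violations(balance_scale, reserve_scale,
                         reserves=(1_000_000, 1_000_000)):
    """Property test: an accepted swap must never shrink reserve0 * reserve1.

    Returns the (amount_in, amount_out) pairs the check accepted even though
    the pool's product decreased. An empty list means the check held for
    every sampled swap.
    """
    r0, r1 = reserves
    bad = []
    for amount_in in (0, 1, 1_000, 100_000):
        for amount_out in (1, 1_000, 100_000, 900_000):
            if not swap_passes(reserves, amount_in, amount_out,
                               balance_scale, reserve_scale):
                continue
            if (r0 + amount_in) * (r1 - amount_out) < r0 * r1:
                bad.append((amount_in, amount_out))
    return bad


if __name__ == "__main__":
    print("consistent 10,000 / 10,000:", invariant_violations(10_000, 10_000))
    print("mismatched 10,000 / 1,000: ", invariant_violations(10_000, 1_000))
```

With matching scales the list is empty; with 10,000 on the balance side and 1000 on the reserve side, the check accepts swaps that reduce the pool's product, which is the signal a pre-deployment test suite should fail on.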
Several similar cases, in which hackers reactivate their wallets and move huge amounts of stolen funds, have occurred in 2023. In January, the Wormhole hacker moved a massive $155 million worth of crypto almost a year after exploiting $321 million from the Wormhole bridge.
Crypto enthusiasts have expressed their frustration on Twitter that the blockchain has offered leeway to scammers and hackers. The blockchain security and data analytics company PeckShield tweeted that the ~$3.35 million move stayed as USDT on the chain without the account being frozen or blocked.