Uranium Migration Exploited on Binance Smart Chain, Millions Stolen

Uranium Finance, the daily dividends automated market maker (AMM), announced today that they have been attacked. Millions have already been stolen.

“Uranium migration has been exploited, the following address has 50m in it” is what the decentralized finance (DeFi) project revealed on Twitter earlier today. In an urgent two-part post, Uranium encouraged users to start tweeting the address to which the stolen funds had been sent to Binance. This is in a bid to report the thefts and stop the transfers.

Uranium, which is based on the Blockchain Smart Chain (BSC), then assured users that they were in touch with the Binance security team. While escalating the issue, they also urged anyone who may be in possession of the funds, or knew someone who is, to contact Uranium Finance directly. 

The exploit

Igor Igamberdiev, a research analyst for The Block, analyzed the attack in great detail. On his twitter, he released an itemized report of the stolen funds, the majority of which were in wrapped BNB (WBNB) and Binance USD (BUSD), $18 million and $17.9 million worth of the $50 million stolen in total.

These tokens remain on the exploiter’s contract, which Igamberdiev assessed that this was due to them being difficult to cash out. Other coins on the list include more than $4 million each worth of bitcoin (BTC) and ether (ETH).

It is believed the hack occurred while upgrading its protocol to V2.1. An upgrade, in which the only significant change is the fix of a bug that was present in the V2 version. This bug allowed anyone to interact with pair contracts and withdraw tokens.

Igamberdiev alleges that “since the team fixed this bug that led to the exploit, they should have known about it.”

The BSC in other news

It has been an eventful few hours for the BSC. And not all of it is negative.

Earlier today, it was reported that their first NFT platform Initial DEX Offering (IDO) sold out in five minutes. The token sale in question was for an NFT platform called Refineable. A hub where users can create, discover, trade, and leverage NFTs on the BSC. It’s what the DeFi exchange behind it, Polkastarter, has called its largest token offering to date.