One of the wallets associated with Uranium Finance’s $50 million exploit in April 2021 appears to have woken up after 647 days of dormancy, with funds funneled into crypto mixer Tornado Cash.
The sudden move was highlighted on March 7 by cybersecurity firms PeckShield and CertiK on their respective Twitter alert accounts.
#PeckShieldAlert After 647 days, @UraniumFinance hacker began transferring 2250 ETH (~$3.35 million) of stolen funds into @TornadoCash. On April 28, 2021, the hacker dumped approximately $50 million worth of tokens from Uranium “pair contracts”. https://t.co/mBhMxmAdS5 pic.twitter.com/OOF3R0w3ll
— PeckShieldAlert (@PeckShieldAlert) March 7, 2023
According to data from Etherscan, the hacker moved all 2,250 Ether (ETH) or $3.35 million over a seven-hour period in transactions ranging from 1 ETH to 100 ETH – with all funds directed to Tornado Cash.
This is, however, only one of the wallets associated with the hacker. Another Ethereum wallet linked to the hacker was last active 159 days ago, when 5 ETH was sent to Aztec, a privacy-focused Ethereum zk-rollup.
This marks another occasion in 2023 when a hacker’s wallet came out of dormancy after a long hiatus. In January, the Wormhole hacker moved around $155 million worth of ETH nearly a year after exploiting the Wormhole Bridge for $321 million in early 2022.
In the same month, a notorious hacker dubbed the “blockchain bandit” also moved about $90 million after a six-year hiatus.
The Wormhole hacker moved another $46 million in stolen funds in February, while popular blockchain sleuth ZachXBT pointed out via Twitter on Feb. 23 that dormant funds from North Korea’s $230 million hack of the Gate.io exchange in April 2018 had started moving after more than 4.5 years.
Dormant funds left behind by North Korea’s April 2018 hack of $230 million have begun to move after more than 4.5 years.
A small sum was deposited at the MEXC 10 hours ago. pic.twitter.com/iHhniTtVIM
— ZachXBT (@zachxbt) February 22, 2023
Binance Smart Chain-based automated market maker Uranium Finance was exploited on April 28, 2021. The hack itself was reportedly the result of a coding vulnerability that allowed the hacker to siphon off $50 million during the launch of the Uranium v2.1 protocol and its token migration event.
The platform apparently shut down shortly after the hack. Its last Twitter post, dated April 30, 2021, urged users to withdraw funds from its various liquidity pools.
Please read our latest media article: “Latest prize pool rewards, please withdraw funds from prize pools”:https://t.co/W5uw0DUSXS
— Uranium Finance (@UraniumFinance) April 29, 2021
It should also be noted that on April 28, 2021, someone claiming to be a member of the project’s development team suggested in the Uranium Discord channel that the hack may have been an inside job.
They pointed out that only a small number of team members were aware of the security flaw before the launch of the v2.1 protocol, and questioned the suspicious timing of the hack, just two hours before the launch.
Since then, reporting on the project and its victims has gone quiet. However, Binance forum posts from October 2022 suggest that users have been left behind.
On October 26, user “RecoveryMad” made a post asking for a follow-up on the hack, and noted that the person representing the Uranium team in the Telegram community had “disappeared”.
In response, user “nofiatnolie” claimed that “no investigation has been done. It has been swept under the rug. There are still unanswered victim groups and crowd-sourced surveys point to Uranium developers and others as suspects.”