A wallet address associated with the hacker who exploited BNB Chain-based automated market maker (AMM) Uranium Finance has been reactivated after almost two years of dormancy. The thief moved some stolen funds to the US-sanctioned crypto mixer Tornado Cash.

Uranium Hacker Moves $3.35M in Stolen ETH

According to a tweet by blockchain security firm PeckShield, the hacker started moving the funds in the early hours of Tuesday. About 2,250 ether (ETH) worth approximately $3.35 million have been transferred to Tornado in transactions between 1 and 100 ETH each. On April 28, 2021, Uranium was exploited during its v2.1 token migration event. While explaining the issue, the project said the attacker had taken advantage of a bug in its balance modifier logic. The bug allowed them to increase the balance by a factor of 100 and then syphon about $50 million worth of assets. The stolen assets include 80 bitcoins (BTC), 1,800 ETH, 26,500 Polkadot (DOT), 638,000 Cardano (ADA), 112,000 u92 (Uranium's native token), and 5.7 million Tether USD (USDT). After the exploit, most of the funds were stored in a contract created by the hacker, which held roughly $37 million in Binance Coin (BNB) and Binance USD (BUSD). After 647 days of dormancy, the wallet associated with the hack has been spotted moving funds to Tornado Cash.

Bug Exploit or Rug Pull?

The funds are part of the assets stolen from Uranium Finance two years ago in what the platform claimed to be a bug exploit but appeared to be a rug pull. While the stolen assets remain locked up in the hacker's contract, several questions about the incident have remained unanswered. After the hack, the team behind the project shut down the platform, asking users to remove their remaining assets from its pools. As of then, the Uranium team disclosed that it was working with the Binance Security Team and was in the process of handling the issue. However, there has been no update from the project to date.