Breaking Uranium Migration Exploited on Binance Smart Chain, Millions Stolen

Share Article
In Brief
  • Uranium Finance reveals that $50 million worth of crypto has been stolen.

  • They urge all users with Binance accounts to contact them to stop transfers.

  • Exploit occurred during upgrade of Uranium protocol to fix a bug.

  • promo

    KuCoin Releases KCS whitepaper – a Path for Geek to Mass Adoption Read now!

The Trust Project is an international consortium of news organizations building standards of transparency.

Uranium Finance, the daily dividends automated market maker (AMM), announced today that they have been attacked. Millions have already been stolen.

“Uranium migration has been exploited, the following address has 50m in it” is what the decentralized finance (DeFi) project revealed on Twitter earlier today. In an urgent two-part post, Uranium encouraged users to start tweeting the address to which the stolen funds had been sent to Binance. This is in a bid to report the thefts and stop the transfers.

Uranium, which is based on the Blockchain Smart Chain (BSC), then assured users that they were in touch with the Binance security team. While escalating the issue, they also urged anyone who may be in possession of the funds, or knew someone who is, to contact Uranium Finance directly. 

The exploit

Igor Igamberdiev, a research analyst for The Block, analyzed the attack in great detail. On his twitter, he released an itemized report of the stolen funds, the majority of which were in wrapped BNB (WBNB) and Binance USD (BUSD), $18 million and $17.9 million worth of the $50 million stolen in total.

These tokens remain on the exploiter’s contract, which Igamberdiev assessed that this was due to them being difficult to cash out. Other coins on the list include more than $4 million each worth of bitcoin (BTC) and ether (ETH).

It is believed the hack occurred while upgrading its protocol to V2.1. An upgrade, in which the only significant change is the fix of a bug that was present in the V2 version. This bug allowed anyone to interact with pair contracts and withdraw tokens.

Igamberdiev alleges that “since the team fixed this bug that led to the exploit, they should have known about it.”

The BSC in other news

It has been an eventful few hours for the BSC. And not all of it is negative.

Earlier today, it was reported that their first NFT platform Initial DEX Offering (IDO) sold out in five minutes. The token sale in question was for an NFT platform called Refineable. A hub where users can create, discover, trade, and leverage NFTs on the BSC. It’s what the DeFi exchange behind it, Polkastarter, has called its largest token offering to date.


All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.
Share Article

Dale Hurst is a journalist, presenter, and novelist. Before joining the Be In Crypto team, he was an editor and senior journalist at a news, lifestyle and human-interest magazine in the UK. Cryptocurrency was one of the first subjects he specialized in when first going freelance in 2018, reviewing exchanges and analysing lawsuits.

Follow Author

KuCoin Releases KCS whitepaper – a Path for Geek to Mass Adoption      

Read now

KuCoin Releases KCS whitepaper – a Path for Geek to Mass Adoption

Read now

Olympus, a P2E NFT Game Similar to Clash Royale, Is Making Headlines

Read Now