Uranium Finance

In April 2021, Uranium Finance, a Binance Smart Chain-based DeFi protocol forked from Uniswap, was hit by two exploits, resulting in $53.7 million in stolen assets, as reported by TRM Labs. The first attack, April 6-8, exploited a reward distribution flaw, stealing $1.4 million; attackers returned $1 million but laundered $385,500 via Tornado Cash, per the article. On April 28, a single-character error in trading logic enabled a $52 million theft, including 80 BTC, 1,800 ETH, 17.9 million BUSD, 5.7 million USDT, 638,000 ADA, 26,500 DOT, 34,000 wBNB, and 112,000 U92 tokens, per BscScan. Funds were laundered through Tornado Cash, AnySwap, and centralized exchanges, with some used to buy Magic: The Gathering cards, per ZachXBT (@zachxbt). Uranium Finance, with $10 million in locked value per DeFiLlama, shut down post-attack, its website and X account (@UraniumFinance) inactive since April 30, 2021. In February 2025, U.S. authorities, with TRM Labs, seized $31 million after tracing funds from 2023, per SDNY (@SDNYnews). One of 251 hacks in 2021 costing $3.2 billion, per Chainalysis, this case, alongside TurtleDex’s $2.5 million rug pull, highlighted DeFi vulnerabilities, fueling calls for rigorous audits, bug bounties, and enhanced blockchain forensics.