Uranium Finance hacker executes $2.5m BUSD transfer to Ethereum
The Uranium Finance attacker has transferred 2.5 million BUSD from the BNB chain to Ethereum (ETH) using Li.fi.
On Jan. 22, On-chain analytics platform PeckShield Alert reported the transfer of 2.5 million BUSD from the BNB Chain to Ethereum, leveraging the Li.fi protocol, a DEX aggregator. This movement involved the conversion of assets to 812 ETH and approximately $500,000 in stablecoins.
#PeckShieldAlert #UraniumFinance Exploiter- labeled address has bridged 2.5M $BUSD from #BNBChain to #Ethereum via Li[.]fi
The Ethereum address has received 812 $ETH and ~$505.5K in stablecoin pic.twitter.com/EZXZwJYTxK— PeckShieldAlert (@PeckShieldAlert) January 22, 2024
Originating from the notorious Uranium Finance hack in April 2021, the primary address associated with the incident transferred a total of $3.1 million in BUSD to Ethereum. Peck Shield’s initial report indicated the movement of $10,000 BUSD via Stargate, a cross-chain bridging protocol. Further tracking revealed additional transfers totaling 3.1 million BUSD.
The attacker’s strategy involved distributing 500,000 BUSD across six transactions and 100,000 BUSD in another. The batch of transactions, executed within an hour, sparked discussions in the crypto community.
The exploiter’s BNB Chain address held over $15 million in assets, comprising BUSD and Wrapped BNB (WBNB). At the time of writing, the wallet was completely drained.
You might also like: North Korean crypto hackers raided $600m in 2023
Additionally, the Ethereum address of the exploiter boasted holdings of 824 Ether, valued at $1.3 million at the time, along with smaller amounts of USDC and USDT. Notably, soon after the BUSD transfer to Ethereum, 1,200 ETH (valued at $1.89 million) were moved to Tornado Cash, a cryptocurrency mixer. This was executed through 12 transactions of 100 ETH each.
These activities aligned with a pattern observed throughout the year, including several transfers to Tornado Cash in the preceding months. The first of these occurred in March, involving a different address to move 2,250 ETH to the mixer. In total, the exploiter extracted $50 million in crypto assets by exploiting a flaw in the pair contracts of the protocol.
On a related note, 2024 has witnessed increased illicit cryptocurrency activities. A notable phishing attack, reported by Scam Sniffer, resulted in a $4.20 million loss for the victim. The scam exploited ERC20 Permit signatures, allowing scammers access to the victim’s assets.