Another decentralized platform on Binance Smart Chain has fallen victim to hackers who drained around $50 million from Uranium Finance.
Available information shows that the cyber attackers exploited a bug in the system to swap a single coin for almost the rest of the tokens in the protocol’s liquidity pool.
Now here's the code used by the Uranium devs:
See the difference? 1000 was changed to 10000 in two places but not the end. The result? You could swap 1 wei of the input token for 98% of the total balance of the output token. pic.twitter.com/c8pRD55Fe9
— Kyle "1B TVL" Kistner | Fulcrum | bZx (@BeTheb0x) April 28, 2021
Although the hacked finance is a fork of Sushiswap, a prominent DeFi exchange on Ethereum blockchain, the protocol’s developers did not apply the codes accurately. As the team tried to quell the vulnerability, the hacker exchanged them for Ethereum and sent them to the privacy-protected Tornado Crash.
According to reports, the sad event occurred when Uranium Finance was undergoing some updates. Currently, the officials are in contact with law enforcement and cooperating closely with Binance’s security team.
Over the past few months, there have been numerous cases of hack on Binance’s smart chain. Reportedly, other protocols have also been victims of exploits being carried out by hackers which has resulted in the loss of millions of investors’ funds.
Previously, Meerkat Finance, a prominent yield farming protocol, fell victim to hackers and media reports suggest that the protocol lost $68 million, with at least 13.9 million in BUSD and $17 million in BNB. However, it was later discovered that the exploit of the protocol was a trial.