U.S. recovers $31 million stolen in 2021 Uranium Finance hack

U.S. authorities recovered $31 million in cryptocurrency stolen in 2021 cyberattacks on Uranium Finance, a Binance Smart Chain-based DeFi protocol.

Uranium Finance was a decentralized finance (DeFi) protocol built on Binance's BNB Chain that operated as an automated market maker (AMM) similar to Uniswap.

The platform launched in April 2021, but hackers quickly exploited vulnerabilities in its smart contracts to drain its assets and push it to premature death, causing millions in investor losses.

Blockchain intelligence firm TRM Labs reported today that it has aided the Southern District of New York (SDNY) and Homeland Security Investigations (HSI) San Diego in tracking and recovering the stolen assets, resulting in one of the most significant retrievals in recent years.

"In February 2023, TRM worked closely with law enforcement to meticulously trace the movement of stolen assets across multiple blockchains, identifying key laundering patterns and generating actionable intelligence for law enforcement," reads the TRM Labs report.

"By March 2023, the team had mapped out the attackers' attempts to obfuscate their funds, linking them to Tornado Cash transactions and cross-chain swaps."

"As a result, law enforcement was able to successfully seize USD 31 million in outstanding funds in February 2025."

The funds were stolen in two attacks, both in April 2021, resulting in losses of over $53,700,000.

The first attack, from April 6, 2021, exploited a vulnerability in the reward distribution system, leading to a $1.4 million theft.

The hacker later returned $1 million, keeping $385,500, which was laundered via Tornado Cash.

The second attack took place on April 28, 2021, and leveraged a single-character coding error in Uranium Finance's trading logic, allowing attackers to steal $52 million by manipulating balances.

The stolen funds were laundered through decentralized exchanges, converted into various cryptocurrencies, and stored in dormant wallets for years.

With over half of this amount now recovered, the U.S. SDNY asked victims of the hack to email [email protected] to claim a portion of the recovered cryptocurrency.