1. Home
  2. tornado

tornado

Wallet tied to Uranium Finance hacker reawakens after 647 days, shifting $3.3M

The hacker has other associated wallets that have also shifted funds to privacy networks such as Aztec.

One of the wallets associated with the $50 million exploit of Uranium Finance in April 2021 appears to have awoken after 647 days of dormancy, with funds headed towards crypto mixer Tornado Cash.

The sudden move was highlighted on Mar. 7 by cyber security firms PeckShield and CertiK on their respective alert accounts on Twitter.

According to data from Etherscan, the hacker moved the 2,250 Ether (ETH) or $3.35 million over a seven-hour period in transactions ranging from 1 ETH to 100 ETH — with all the funds heading to Tornado Cash.

This is, however, just one of the wallets associated with the hacker. Another Ethereum wallet linked to the hacker shows it was last active 159 days ago, with 5 ETH being sent to privacy-focused Ethereum zk-rollup on Aztec.

This marks yet another occasion in 2023 in which a hacker’s wallet has come out of dormancy after a lengthy hiatus. In January, the Wormhole hacker moved around $155 million worth of ETH almost a year after exploiting the Wormhole bridge for $321 million in early 2022.

The same month, a notorious hacker dubbed the “blockchain bandit” also moved around $90 million after a six-year slumber. 

In February, the Wormhole hacker moved another $46 million worth of stolen funds, while popular blockchain sleuth ZacXBT highlighted via Twitter on Feb. 23 that “dormant funds left over” from the April 2018 $230 million Gate.io exchange hack by “North Korea began to move after over 4.5 years.”

Binance Smart Chain-based automated market maker Uranium Finance was exploited on Apr. 28, 2021. The hack itself was reportedly the result of a coding vulnerability that allowed the hacker to siphon $50 million during Uranium’s v2.1 protocol launch and token migration event.

The platform seemingly shut down shortly after the hack, with its last Twitter post published on Apr. 30, 2021 and urges users to remove funds from its various liquidity pools.

Unanswered questions

It is also worth noting that on Apr. 28, 2021, someone claiming to be a member of the project’s development team suggested in the Uranium discord channel the hack may have been an inside job.

They outlined that only a small number of team members knew of the security flaw prior to the v2.1 protocol launch, and questioned the suspicious timing of the hack being just two hours before launch.

Since then, reports have gone cold on the project and its victims. However, Binance forum posts from October 2022 suggest that users have been left out in the cold.

Related: 7 DeFi protocol hacks in Feb see $21 million in funds stolen: DefiLlama

On Oct. 26, User “RecoveryMad” made a post asking for a follow-up on the hack, and noted that the person representing the Uranium team in the community Telegram had “vanished.”

In response, user “nofiatnolie” claimed that “No investigation was performed. It was swept up under the rug. There are still victim groups with no answers and crowd-sourced investigations [are] pointing at the developers of Uranium and others as the suspects.”

Crypto Analyst Issues Ethereum Alert, Says ETH Primed To Plunge Lower Against Bitcoin – Here Are His Targets

How to avoid getting hooked by crypto ‘ice phishing’ scammers — CertiK

Ice phishing is a type of scam that exists only in Web3 and is a “considerable threat” to the crypto community, said the firm.

Blockchain security company CertiK has reminded the crypto community to stay alert over “ice phishing” scams — a unique type of phishing scam targeting Web3 users — first identified by Microsoft earlier this year. 

In a Dec. 20 analysis report, CertiK described ice phishing scams as an attack that tricks Web3 users into signing permissions which end up allowing a scammer to spend their tokens.

This differs from traditional phishing attacks which attempt to access confidential information such as private keys or passwords, such as the fake websites set up which claimed to help FTX investors recover funds lost on the exchange.

A Dec. 17 scam where 14 Bored Apes were stolen is an example of an elaborate ice phishing scam. An investor was convinced to sign a transaction request disguised as a film contract, which ultimately enabled the scammer to sell all of the user's apes to themselves for a negligible amount.

The firm noted that this type of scam was a “considerable threat” found only in the Web3 world, as investors are often required to sign permissions to decentralized finance (DeFi) protocols they interact with, which could be easily faked.

“The hacker just needs to make a user believe that the malicious address that they are granting approval to is legitimate. Once a user has approved permissions for the scammer to spend tokens, then the assets are at risk of being drained.”

Once a scammer has gained approval, they are able to transfer assets to an address of their choosing.

An example of how an ice phishing attack works on Etherscan. Source: Certik

To protect themselves from ice phishing, CertiK recommended that investors revoke permissions for addresses they don’t recognize on blockchain explorer sites such as Etherscan, using a token approval tool.

Related: $4B OneCoin scam co-founder pleads guilty, faces 60 years jail

Additionally, addresses that users are planning to interact with should be looked up on these blockchain explorers for suspicious activity. In its analysis, CertiK points to an address that was funded by Tornado Cash withdrawals as an example of suspicious activity.

CertiK also suggested that users should only interact with official sites they are able to verify, and to be particularly wary of social media sites like Twitter, highlighting a fake Optimism Twitter account as an example.

Fake Optimism Twitter account. Source: Certik

The firm also advised users to take a couple of minutes to check a trusted site such as CoinMarketCap or Coingecko, users would have been able to see that the linked URL was not a legitimate site and should be avoided.

Tech giant Microsoft was the first one to highlight this practice in a Feb. 16 blog post, saying at the time that while credential phishing is very predominant in the Web2 world, ice phishing gives individual scammers the ability to steal a chunk of the crypto industry while maintaining “almost complete anonymity.”

They recommended that Web3 projects and wallet providers increase the security of their services on the software level in order to prevent the burden of avoiding ice phishing attacks being placed solely on the end-user.

Crypto Analyst Issues Ethereum Alert, Says ETH Primed To Plunge Lower Against Bitcoin – Here Are His Targets

Bitmart Loses $200 Million in Hack Performed by Unknown Attackers

Bitmart Loses 0 Million in Hack Performed by Unknown AttackersBitmart, a cryptocurrency exchange, suffered an attack yesterday that exploited some security vulnerabilities in order to gain access to the funds of the exchange. The attack targeted the hot wallets of the platform, specifically the Ethereum and Binance Smart Chain-based wallets. The hackers managed to take almost $200 million in tokens from the platform. Bitmart […]

Crypto Analyst Issues Ethereum Alert, Says ETH Primed To Plunge Lower Against Bitcoin – Here Are His Targets