US authorities seize $31M in crypto linked to 2021 Uranium Finance hack

US authorities have seized $31 million in cryptocurrency related to the April 2021 hack of the now-defunct decentralized finance platform Uranium Finance. In this attack, hackers exploited a vulnerability in the platform’s smart contract to abscond with millions of digital assets.

According to an X post, the seizure was due to a joint effort between the SDNY and Homeland Security Investigations (HSI) in San Diego. A spokesperson for SDNY did not respond to requests for comment before press time, and no further details about the seizure or any related investigation were immediately available.

The authorities have not named the suspects but said anyone with relevant information should come forward. This case adds to the mounting pressure on cybercriminals who target decentralized finance (DeFi) platforms as law enforcement efforts to pursue justice heat up.

Hacker drains $50 million from Uranium Finance

Uranium Finance was essentially a clone of the automated market maker (AMM) Uniswap deployed on Binance’s BNB chain (then called Binance Smart Chain). In April 2021, a hacker exploited a bug in Uranium’s pair contracts to steal $50 million in various tokens. At the time of the incident, the Uranium Finance hack was one of the largest monetary exploits in decentralized finance (DeFi) history.

Uranium Finance’s website was closed after the attack on April 28, 2021, and its X account has been inactive since April 30, 2021, leaving victims high and dry without answers or a road to financial recompense until now.

One of Uranium’s Discord channel administrators claimed that the hack might have been an inside job at the time. The exploit resulted from an issue in Uranium Finance’s v2 smart contracts, which allowed attackers to tap into 100,000 times the project’s balance thanks to a code error. 

The attacker exploited a critical vulnerability in Uranium Finance’s smart contracts, draining $50 million in one of DeFi’s largest heists. The stolen funds comprised around $36.8 million worth of BNB, Binance USD (BUSD), and other cryptocurrencies.

The hacker also stole 80 Bitcoin (BTC), 1,800 Ether (ETH), 26,500 Polkadot (DOT), 5.7 million Tether (USDT), 638,000 Cardano (ADA), and 112,000 U92 tokens—the governance token for Uranium Finance before the platform was shut down. The attacker exchanged the stolen Polkadot and Cardano for Ether soon after the breach and laundered the funds via Tornado Cash, an Ethereum-based privacy mixer, before sending them to centralized exchanges.

Uranium Finance shuttered after the hack, leaving victims without answers or financial restitution. The partial recovery, which comes nearly four years after the initial attack, offers the first glimmer of hope for victims to see some of their money returned. 

Hackers also exploited Uranium’s v1 platform pool on April 8, 2021, stealing $1.3 million worth of BNB and BUSD. This hack prompted Uranium to create a second version, which launched on April 16 before being exploited around 12 days later.

A wave of cyberattacks exposes the cryptocurrency industry’s security weaknesses

A new batch of cyberattacks has sent investors jitters, causing many to think again about gambling their money on digital tokens. Below is a brief rundown of what has happened and how the participating companies responded.

On February 21, cryptocurrency exchange Bybit was hacked and the attackers stole digital tokens worth around $1.5 billion in what researchers called the biggest crypto heist of all time. Bybit said it has replenished its reserves through a mix of emergency loans and large deposits.

Dior’s official Instagram account, with 46.8 million fans, was hacked on February 19, 2025. An imposter used the account to publicize “Dior Official Coin,” a parody coin disguised as a Solana-based token, encouraging followers to go to a phishing website. The price of the coin nose-dived 90%, rebounded at that point, and the gimmicked message was deleted, but Dior has yet to make an official notification to date.

In early 2025, UAE-based cryptocurrency exchange M2 suffered a cyberattack that led to the loss of $13.7 million. In response, M2 assured users that all lost funds would be recovered. The exchange has since worked closely with cybersecurity experts to track the stolen assets and bolster its security infrastructure.

In 2024, Indian crypto exchange WazirX was among the victims of cyber attack stages, losing $235 million in one of the largest cyber loots ever. The attack was attributed to a North Korean hacking syndicate known as the Lazarus Group, which was responsible for several cryptocurrency hacks.

North Korean hackers are reported to have stolen over $659 million in 2024 alone via a range of crypto-specific attacks.

Following that, WazirX worked with global agencies and successfully recovered the funds that attempted to be withdrawn and put in place measures to ensure that the exchange’s security architecture meets the highest standards.

DeFi platform Radiant Capital was also drained of $50 million in a hack on October 16, 2024. According to reports, the platform based in the United States saw its developers’ hardware wallets infiltrated with advanced malware.

In response, Radiant Capital engaged the FBI and partnered with cybersecurity companies to follow the stolen assets. The platform has since implemented tighter security protocols, including multi-layer signature verifications, to prevent another breach of this nature from occurring.

Cryptopolitan Academy: Coming Soon - A New Way to Earn Passive Income with DeFi in 2025. Learn More