Hacker of Uranium Finance Moves $3.35 Million in Stolen Funds to TornadoCash
The hacker responsible for the Uranium Finance DeFi project breach has moved 2,250 ETH, worth approximately $3.35 million, in stolen funds into the popular coin mixer, TornadoCash. The movement of funds from the wallet was detected by the blockchain security firm, PeckShield, on March 7th.
According to data from Etherscan, the hacker transferred the funds over a time frame of seven hours in transactions ranging from 1 ETH to 100 ETH. In addition, another Ethereum wallet tied to the hacker shows it was last active 159 days ago. Further investigation revealed that 5 ETH was sent to privacy-focused Ethereum zk-rollup on Aztec.
Uranium Finance was exploited on April 28, 2021, when attackers targeted its v2.1 token migration event and exploited the project’s balance modifier. The Binance Smart Chain-based protocol was drained of $50 million in funds, leading to rug pull allegations.
The movement of stolen funds into TornadoCash has raised concerns about the anonymity of the mixer and its potential use for money laundering. TornadoCash is a decentralized, non-custodial mixer that allows users to mix their Ethereum and ERC-20 tokens to enhance privacy and anonymity.
The incident highlights the need for increased security measures in the DeFi space and the importance of conducting thorough audits before launching projects. It also underscores the risks associated with using decentralized exchanges and the need for users to exercise caution when interacting with them.
