Report said that a member of Uranium Finance’s (a decentralized finance protocol on Binance Smart Chain) developer team said they suspect that the recent hack of the platform may have originated internally, as they have urged affected users not to contact any other members of the Uranium Finance team.
It has been reported that the $50 million exploits of Uranium Finance may have been an inside job. The theory was put forward in Uranium Finance’s Telegram channel by a user named “Baymax,” who appears to be listed as an administrator.
However, in a pinned post, Baymax explained that the security flaw leading to the exploit happened just two hours before version 2 of the protocol was launched. The suspicious timing of the exploit narrows down the list of potential perpetrators significantly.
“There are a total of 7 people in Uranium who knew of the exploit. Outside of Uranium would be the 3 auditors contractors and their respective sub cons who may be aware of this flaw. From the information that we gathered with the community input, it leans towards that someone leaked information that may have led to exploiters finding out about our vulnerabilities.”
The report said that no team members are listed on Uranium Finance’s official website, so it’s difficult to extrapolate further regarding how the exploit took place or who may have been responsible. Baymax urged the Telegram channel’s over 4,100 members to message them directly and avoid any contact with other moderators or team members. In the meantime, affected users have also been asked to stop adding liquidity and to cash out if at all possible.
Likewise, a separate Telegram group for victims of the attack has already been created, with over 1,200 members as of April 28. In a pinned message, Baymax told affected users that they will provide further updates as they come.
A suspicious series of events has led one Uranium Finance developer to conclude that the recent hack may have originated internally. https://t.co/AcJ9XNZmcF — Cointelegraph (@Cointelegraph) April 28, 2021
“[W]hales or users that lost more than $300K+ should pm me.”
The stolen funds are already on the move, with the perpetrator funneling millions through Tornado Cash, an Ethereum-based privacy tool. Security exploits and hacks are nothing new for the cryptocurrency community.
Thus, according to at least one estimate, there were 122 crypto-related hacks in 2020 alone, with the exploited assets worth billions at today’s prices.