Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Reproducible Foundry test fork from SunWeb3Sec/DeFiHackLabs. Clone the repo, run forge test against the file path above, and replay the exploit against a mainnet fork at the historical block. Use for reproduction only — not for live targets.
A loophole in Uranium Finance, a project in the BSC ecosystem, resulted in the theft of US$50 million in funds. Research analyst Igor Igamberdiev pointed out an error in the Pair contract in Uranium v2. Because of calculation errors, this flaw was used to withdraw almost all tokens. The balance of these Pair contracts was also overstated.

After the hack, Uranium Finance shut down, and the victims received no financial compensation. On February 25, 2025, U.S. authorities seized approximately $31 million in cryptocurrency linked to the 2021 Uranium Finance hack. This seizure was the result of joint efforts by the U.S. District Court for the Southern District of New York and Homeland Security Investigations (HSI) San Diego.

Attack method (per SlowMist): Contract Vulnerability. Reported loss: $50,000,000.
- chain: bsc
- protocol: Uranium Finance
- bug_class: logic
- date_occurred: 2021-04-28
- loss_usd: $50,000,000
- source_id: sm:uranium-finance::2021-04-28