On March 7th, cybersecurity firms PeckShield and CertiK reported that one of the wallets connected to the $50 million hack of Uranium Finance in April 2021 had become active again after 647 days of inactivity.
The hacker moved 2,250 Ether worth $3.35 million to Tornado Cash over a seven-hour period. This is not the only wallet associated with the hacker, as another Ethereum wallet linked to the same individual was active 159 days ago, with 5 ETH sent to Ethereum zk-rollup on Aztec.
This trend of dormant wallets awakening after long periods has been seen before. In January, the Wormhole hacker moved $155 million worth of ETH almost a year after exploiting the Wormhole bridge for $321 million in early 2022.
Also, the “blockchain bandit” moved $90 million after six years of dormancy.
In February, the Wormhole hacker moved another $46 million worth of stolen funds, and funds from the April 2018 $230 million Gate.io exchange hack by “North Korea” started moving after over 4.5 years.
Uranium Finance was exploited on April 28, 2021, due to a coding vulnerability during the platform’s v2.1 protocol launch and token migration event. The platform shut down shortly after the hack, with its last tweet published on April 30, 2021. Reports on the project and its victims have gone cold, and some victims have not received any answers regarding the hack.
In April 2021, a member of Uranium’s development team suggested that the hack might have been an inside job due to the suspicious timing and limited knowledge of the security flaw.
Months later, a user claimed that no investigation had been performed, and there were still victim groups with no answers.
Binance forum posts from October suggest that users have been left without resolution. The project and its victims have not received any updates since then.