Bitcoin ETF to reportedly trade next week, DeFi tops $200 billion
Binance Smart Chain renews security concerns after $50 million Uranium Finance hacked
$50 million was drained from Uranium Finance following an exploit, leading to suspicions that the attack was a rug pull — DeFi Digest
The price of ETH is surging to new all-time highs, fueling the growth of the decentralized finance ecosystem. This week, the total value locked in DeFi protocols skyrocketed 23% to $76.11 billion, as of the time of this writing.
Maker led the DeFi market with a 16% share of the sector's total value locked as the total borrowing volume of DeFi protocols posted 24% growth this week. The lending market is currently being led by Compound, which has a 37% market share.
Decentralized exchanges are the top gainers this week, as average weekly trading volumes rose 32% to $5.49 billion. Uniswap continued to lead with a 27% market share. At the same time, SushiSwap remained the largest liquidity pool — with its TVL reaching $2.54 billion.
|Category||Key statistics||Amount||Weekly % change|
|Overall||Total value locked (USD)||$76.11 billion||23%|
|Market dominance (%)||Maker (16%)|
|Lending||Total borrowing volume||$21.54 billion||24%|
|Market dominance (%)||Compound (37%)|
|DEXs||Weekly avg. trading vol.||$5.49 billion||32%|
|Market dominance (%)||Uniswap (27%)|
|Yield farming||Largest liquidity pool||SushiSwap ($2.54 billion)|
Uranium Finance hacked for $50 million
This week, Binance Smart Chain saw renewed security concerns following the $50 million hack of Uranium Finance, an automated market maker that provides daily dividends to its users.
During the protocol's planned v2.1 migration, the Uranium team discovered an exploit on April 28 — $50 million worth of cryptocurrencies was drained.
According to Uranium Finance's post-mortem, there was a swap-fee calculation error in the codebase update for v2. The calculation error led to a bug, which allowed hackers to use the swap function to drain the funds in Uranium's trading pairs.
The hacker started to withdraw stolen funds off the Binance Smart Chain. They first withdrew $6.4 million worth of ETH via Tornado Cash. The hacker then withdrew 1,438 ETH and 80 BTC via AnySwap. Over $9 million worth of cryptocurrencies was withdrawn, with the hacker holding the remaining $40.66 million on BSC, as of the time of this writing.
When the Uranium team became aware of the exploit, they urged BSC users to report the hacker's address to prevent further withdrawals. The team also cooperated with Binance's security team to investigate the root cause of the exploit and the hacker's identity. Additionally, the Uranium team set up a Telegram group to coordinate fund recovery for the victims.
Rug pull suspicions
Despite the remedial actions, the Uranium team and community suspected that the hack was actually a rug pull from insiders. The Uranium team noted suspicious "whale" sell-offs during the migration. They also noticed that, prior to the launch of the new v2.1 code, the hacker had already set up their wallet for the exploit. This may imply the attacker was well-aware of the Uranium team's plans.
An administrator in Uranium Finance’s Telegram channel, named "Baymax," suspected that someone leaked insider information that allowed hackers to exploit the protocol's vulnerabilities. He also claimed that the leaker could be among the seven core Uranium team members, the three auditors and their respective sub-contractors.
The Uranium team considered launching a whitehat attack to return users' funds once the code is fixed. However, the team did not launch it, citing a lack of confidence. It also added that any failed attempt could lead to a further exploit launched by an experienced hacker. However, Igor Igamberdiev of The Block Research believes that a whitehat attack would be the best option for Uranium Finance to safeguard users' funds.
While Uranium Finance continues to investigate the hack with Binance, the team stated that there will be no v3 as a relaunch. The Uranium team also stated that the project has come to an end and there are no plans to revive it. As a result, the Uranium team has deactivated farming rewards and suggested users remove their liquidity from the pool.
OKEx Insights presents market analyses, in-depth features, original research & curated news from crypto professionals.