Blockchain Breaches

An archive of cryptocurrency security incidents — hacks, exploits, bridge failures and rug pulls, documented with on-chain evidence.

Dossier № 030 · Smart Contract Bug

Uranium Finance Migration Math Bug

$57.2M extracted from Uranium Finance via a misplaced constant in v2.1 migration contracts (1,000,000 vs 10,000), letting 1 wei swap for 98% of pools.

Date
Chain(s)
Status
Funds Stolen

On April 28, 2021, the BSC AMM Uranium Finance was drained of approximately $57.2 million across 26 different market pairs during the protocol's v2.1 token-migration event. The exploit was a single misplaced constant in the swap function — 1000**2 (= 1,000,000) where the code should have used 10,000. The factor-of-100 discrepancy let the attacker drain entire pools by depositing one wei of input.

What happened

Uranium Finance was a fork of Uniswap v2 on BNB Chain. As part of a v2.1 upgrade, the team modified the swap function's constant-product invariant check to support a different fee mechanism. The original Uniswap code uses a specific scaling constant in its "sanity check" on the pool's balances after a swap, the check that ensures the swap respects the x*y = k constant-product rule.

In Uniswap's actual code, the constant matches the scaling factor used in the balance-adjustment math. In Uranium's modified version, the team scaled the balance adjustment by 10,000 (a different fee structure) but left the sanity-check constant at 1,000,000 (the un-modified Uniswap value).

Because the sanity check expected a value 100× larger than what the actual balance math produced, the check passed for swaps that violated the invariant by up to 100×. In practical terms: an attacker could send 1 wei of an input token and the pool would let them withdraw up to 98% of the output token's balance.
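The following model is an added illustration written for this dossier; it is not code from Uniswap or Uranium. It reproduces the shape of Uniswap v2's K check (adjusted balances scaled by 1000, fee numerator 3, right-hand side multiplied by 1000**2, which are the real upstream constants) next to a Uranium-style variant that scales by 10,000 but keeps 1000**2 on the right. The fee numerator used for the Uranium-style variant is a constructed placeholder, since the text does not state it. A small binary search then asks each check how much of the output reserve a 1 wei input may withdraw: the mismatched constant admits roughly 99% of the reserve (the reported 98% sits inside that bound), while the upstream check and the constant-consistent fix both admit nothing.

```python
# Model of the constant-product "K" check in a Uniswap v2 style pair.
# Added example, not project code. All reserves and amounts are integers (wei).

UNISWAP_SCALE = 1000          # real Uniswap v2 per-side scaling factor
UNISWAP_FEE = 3               # real Uniswap v2 fee numerator (0.3%)
URANIUM_SCALE = 10_000        # per-side scaling Uranium switched to (from the text)
URANIUM_FEE_PLACEHOLDER = 16  # constructed placeholder; the page does not state the fee numerator


def k_check(reserve0, reserve1, amount0_in, amount1_in, amount0_out, amount1_out,
            scale, fee, k_scale_sq):
    """Return True if the post-swap balances satisfy the scaled invariant.

    scale      : multiplier applied to each post-swap balance
    fee        : fee numerator, in units of 1/scale, charged on the input side
    k_scale_sq : constant multiplied into reserve0*reserve1 on the right-hand side;
                 it must equal scale**2 for the check to be exact
    """
    balance0 = reserve0 + amount0_in - amount0_out
    balance1 = reserve1 + amount1_in - amount1_out
    if balance0 < 0 or balance1 < 0:
        return False
    adj0 = balance0 * scale - amount0_in * fee
    adj1 = balance1 * scale - amount1_in * fee
    return adj0 * adj1 >= reserve0 * reserve1 * k_scale_sq


def uniswap_v2_check(r0, r1, a0_in, a1_in, a0_out, a1_out):
    """Upstream constants: scale 1000, fee 3, right-hand side 1000**2."""
    return k_check(r0, r1, a0_in, a1_in, a0_out, a1_out,
                   UNISWAP_SCALE, UNISWAP_FEE, UNISWAP_SCALE ** 2)


def uranium_buggy_check(r0, r1, a0_in, a1_in, a0_out, a1_out):
    """Uranium-style variant: scale raised to 10,000, right-hand side left at 1000**2."""
    return k_check(r0, r1, a0_in, a1_in, a0_out, a1_out,
                   URANIUM_SCALE, URANIUM_FEE_PLACEHOLDER, UNISWAP_SCALE ** 2)


def uranium_fixed_check(r0, r1, a0_in, a1_in, a0_out, a1_out):
    """Same variant with the right-hand side raised to match: 10,000**2."""
    return k_check(r0, r1, a0_in, a1_in, a0_out, a1_out,
                   URANIUM_SCALE, URANIUM_FEE_PLACEHOLDER, URANIUM_SCALE ** 2)


def max_output_fraction(check, reserve0, reserve1, amount0_in):
    """Largest fraction of reserve1 a given check lets amount0_in withdraw.

    The check is monotone in amount1_out (more output lowers the product), so a
    binary search over integer outputs finds the boundary exactly.
    """
    lo, hi = 0, reserve1
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if check(reserve0, reserve1, amount0_in, 0, 0, mid):
            lo = mid
        else:
            hi = mid - 1
    return lo / reserve1


def uniswap_get_amount_out(amount_in, reserve_in, reserve_out):
    """Uniswap v2 router pricing (floor division keeps the K check satisfied)."""
    amount_in_with_fee = amount_in * (UNISWAP_SCALE - UNISWAP_FEE)
    return (amount_in_with_fee * reserve_out) // (reserve_in * UNISWAP_SCALE + amount_in_with_fee)


def k_constant_consistent(scale, k_scale_sq):
    """Fork-review property: the K multiplier must be the per-side scale squared."""
    return scale ** 2 == k_scale_sq


if __name__ == "__main__":
    R = 10 ** 18  # constructed pool with 1e18 wei on each side
    for name, chk in (("uniswap v2", uniswap_v2_check),
                      ("uranium buggy", uranium_buggy_check),
                      ("uranium fixed", uranium_fixed_check)):
        print(f"{name:14s} 1 wei in -> max output fraction {max_output_fraction(chk, R, R, 1):.4f}")
    print("constant consistent (uranium):", k_constant_consistent(URANIUM_SCALE, UNISWAP_SCALE ** 2))
```

The `k_constant_consistent` property is the one-line review check a fork should carry in its test suite: any change to the per-side scaling factor must be mirrored in the squared constant on the right-hand side, otherwise the invariant is loosened by the ratio of the squares (here 10,000² / 1,000² = 100).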

The attacker walked through all 26 of Uranium's market pairs, draining ETH, WBNB, BUSD, USDT, BTCB and a long tail of other assets. The total loss settled at ~$57.2M.

Aftermath

  • Uranium Finance shut down permanently within days of the incident.
  • Funds were bridged from BSC to Ethereum, swapped to ETH, and sent to Tornado Cash.
  • In February 2025, U.S. authorities seized approximately $31M of the original stolen funds in a coordinated forfeiture action, after years of forensic tracing.
  • An indictment of an unnamed individual followed shortly after the seizure.

Why it matters

Uranium Finance is one of the cleanest cases for why forking a security-sensitive codebase requires re-auditing every modified line. Uniswap v2's swap function has been audited dozens of times by the world's best Solidity reviewers; its math is correct. Uranium's modified version had been touched by a small team adjusting fees — and the modification broke the invariant.

The pattern recurs every time a project forks a battle-tested AMM and changes "just a small thing":

  • Uranium (2021) — fee-mechanism modification broke swap invariant.
  • Sonne Finance (2024) — Compound v2 fork's deployment ordering broke market initialisation.
  • Hundred Finance (2023) — Compound v2 fork's redemption math broke under donation attack.
  • Velocore (2024) — Balancer-style CPMM with modified fee logic broke overflow guards.

Every fork inherits the upstream's well-understood security; every modification creates new, unaudited attack surface. The cost of the lesson — Uranium's $57M — is paid every time a team underestimates this asymmetry.

Sources & on-chain evidence

  1. halborn.com: https://www.halborn.com/blog/post/explained-the-uranium-finance-hack-april-2021
  2. coindesk.com: https://www.coindesk.com/markets/2021/04/28/binance-chain-defi-exchange-uranium-finance-loses-50m-in-exploit
  3. rekt.news: https://rekt.news/uranium-rekt
