A hacker that exploited the Uranium Finance DeFi platform in 2021 may have used "Magic: The Gathering" trading cards to try and launder their loot after running it through the Tornado Cash mixing service, the pseudonymous blockchain sleuth ZachXBT said on Thursday.
In a thread on X, ZachXBT outlined a series of moves that saw someone withdraw 11,200 ETH over the past year from Tornado Cash in 100 ETH increments. Then, that user swapped the ETH for wrapped ETH (WETH), transferred it to a new address, swapped it for USDC and then used some of it to buy "Magic: The Gathering" (MTG) trading cards.
Part of the funds were also deposited to centralized exchanges Kraken, Bitpay, and Coinbase, the researcher wrote.
ZachXBT said the steps appeared to have been taken to make it harder to track the funds back to their origin, which likely was the 2021 exploit of the Uranium Finance decentralized exchange. The timing of the Uranium hacker depositing funds to Tornado Cash, and the MTG cards buyer withdrawing them suggests they might well be the same person.
"In March 2023, the Uranium hacker deposited 52 X 100 ETH to Tornado & this person received 52 X 100 ETH," ZachXBT said. "March 6 & 14: Uranium Hacker deposits 52 X 100 ETH to Tornado. March 7 & 15: Our person withdrew huge volumes from Tornado."
Uranium Finance, a Binance Smart Chain-based fork of Uniswap, lost $50 million in a 2021 exploit, when an attacker used a calculation error in the code to siphon liquidity out of the protocol.
During the migration to Uranium's V2 version, 80 bitcoin, 1,800 ETH, 17.9 million BUSD, 5.7 million USDT, 638,000 ADA, 26,500 DOT, 34,000 wrapped BNB, and 112,000 U92 tokens, a native token of Uranium, were drained.
After the exploit, the attacker sent 2,438 ETH to Tornado Cash. They also swapped the DOT and ADA tokens to ETH via Binance Smart Chain-based PancakeSwap and sent 80 bitcoin to AnySwap
