U.S. Authorities recovered $31 Million Related to 2021 Uranium Finance cyber heist

U.S. authorities have recovered $31 million in cryptocurrency stolen during the 2021 cyberattacks on Uranium Finance.

U.S. authorities recovered $31 million in cryptocurrency stolen in 2021 cyberattacks on Uranium Finance, which is a decentralized finance (DeFi) protocol built on Binance’s BNB Chain. The protocol operated as an automated market maker (AMM), similar to Uniswap, allowing users to swap tokens without intermediaries.

In April 2021, Uranium Finance suffered two cyber attacks that exploited smart contract flaws. The first attack (April 6-8) resulted in the theft of $1.4M, with $1M later returned. The second attack (April 28) exploited a code error, leading to a $52M theft. Stolen funds were laundered through the cryptocurrency mixer Tornado Cash and decentralized exchanges, with some remaining dormant for years before resurfacing in early 2024.

US authorities, with the help of the Blockchain intelligence firm TRM Labs, tracked and recovered some illicit financial flows linked to the cyber heist.

The U.S. Attorney’s Office (SDNY) and HSI San Diego seized $31 million in stolen assets, a major breakthrough in the Uranium Finance case.

SDNY and @HSISanDiego seize cryptocurrency worth approximately $31 million related to April 2021 hack of Uranium Finance. If you believe you have been a victim of this hack, please contact [email protected].

— US Attorney SDNY (@SDNYnews) February 24, 2025

“In February 2023, TRM worked closely with law enforcement to meticulously trace the movement of stolen assets across multiple blockchains, identifying key laundering patterns and generating actionable intelligence for law enforcement. By March 2023, the team had mapped out the attackers’ attempts to obfuscate their funds, linking them to Tornado Cash transactions and cross-chain swaps.” reads the report published by TRM Labs. “As a result, law enforcement was able to successfully seize USD 31 million in outstanding funds in February 2025.”

The Uranium Finance asset seizure highlights law enforcement’s growing ability to track and recover stolen crypto, even years later. It warns cybercriminals that blockchain intelligence tools are advancing, making it harder to hide funds. The case also stresses the need for rigorous DeFi security, as minor code flaws can cause huge losses. Despite evolving laundering tactics, stolen assets remain traceable.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, DeFi)