美國當局抓住了3100萬美元的加密貨幣，與2021年鈾金融駭客有關

經過四年的調查，美國當局扣押了與2021年鈾金融駭客有關的3100萬美元加密貨幣。

U.S. authorities have seized $31 million in cryptocurrency related to the 2021 Uranium Finance hack.

美國當局已繳獲了與2021鈾金融駭客有關的3100萬美元加密貨幣。

The Southern District of New York announced the seizure on Monday. Homeland Security Investigations in San Diego aided in the recovery.

紐約南部地區周一宣布癲癇發作。聖地亞哥的國土安全調查有助於恢復。

Uranium Finance was a decentralized exchange that launched on April 1, 2021, on the BNB chain. It was a fork of Uniswap, an automated market maker.

鈾金融是一種分散的交易所，於2021年4月1日在BNB連鎖店發起。它是自動做市商的Uniswap的叉子。

On April 28, 2021, Uranium Finance suffered a Web 3.0 security breach. The result was $50 million in lost tokens spanning over 26 different market pairs, amounting to one of the most devastating DeFi attacks of the time.

2021年4月28日，鈾金融遭受了Web 3.0安全漏洞。結果是5000萬美元的失落令牌超過26個不同的市場對，相當於當時最具破壞性的Defi攻擊之一。

The attackers laundered the money through crypto mixers and central exchanges, transferring small amounts simultaneously to avoid detection.

攻擊者通過加密混音器和中央交易所洗錢，同時轉移了少量，以避免發現。

Victims of the attack were left stranded, not knowing what was happening behind the scenes.

襲擊的受害者被擱淺了，不知道幕後發生了什麼。

The breach allowed attackers to inflate the project’s balance, manipulate token pairs, and drain funds from liquidity pools.

違規行為允許攻擊者膨脹該項目的平衡，操縱令牌對，並從流動性池中排出資金。

A brief inspection of the original Uniswap code reveals that a value of 1,000 is applied to a pair swap, allowing the new X and Y values of the output to apply a new fee. At the same time, a value K, used as a checking value, is also scaled along with the other values.

對原始UNISWAP代碼的簡要檢查表明，將1,000的值應用於一對交換，允許輸出的新X和Y值適用新費用。同時，用作檢查值的值k也與其他值一起縮放。

Uniswap is a very popular swapping protocol, having experienced many transactions and, therefore, having many more security patches. The problem, however, is when a fork happens without the development team moving over to the new project.

UNISWAP是一個非常受歡迎的交換協議，經歷了許多交易，因此擁有更多的安全補丁。但是，問題在於，如果沒有開發團隊進入新項目，則發生叉子。

The Uranium Finance fork of the code, however, uses a magic value of 10,000 instead of 1,000. More critically, it continues to use 1,000 for the K value, introducing a discrepancy that can be exploited to inflate the prices. The disparity between 10,000 and 1,000 means that a swap is guaranteed to be 100 times larger than the K value before the swap.

但是，該代碼的鈾金融叉子使用了10,000而不是1,000的魔術值。更重要的是，它繼續使用1,000 k k值，引入了可以利用以誇大價格的差異。 10,000至1,000之間的差異意味著互換比掉期之前的K值大100倍。

This means that a hacker can swap a minimal amount of tokens for a much larger amount if the contract is changed appropriately. In the case of Uranium Finance, the attacker could drain the liquidity pools of the pair tokens.

這意味著，如果合同適當更改，黑客可以將最小的令牌換成更大的代幣。就鈾金融而言，攻擊者可能會排幹這對令牌的流動性池。

The next step in hacking Uranium Finance was to withdraw and obfuscate the stolen tokens. This was done by mixing the tokens using Tornado Cash and depositing the new tokens into a centralized exchange.

黑客鈾金融的下一步是撤回和混淆被盜的令牌。這是通過使用龍捲風現金混合代幣並將新令牌存入集中式交易所來完成的。

The attackers seemed to have been meticulous with their hack, raising the question of how the authorities tracked the stolen tokens. The authorities have not yet revealed all the details about the seizure of funds.

攻擊者似乎對他們的黑客一絲不全，提出了當局如何追踪被盜令牌的問題。當局尚未透露有關扣押資金的所有細節。

The attack spanned multiple tokens. Of the $50 million extracted, Binance’s Blockchain Token (BNB) and Binance’s Stablecoin (BUSD) lost $18 million. Ethereum (ETH) and Binance’s Wrapped Bitcoin (BTCB) lost around $9 million. USDT lost around $6.7 million. DOT, ADA, and Uranium Finance Token lost $1.7 million.

攻擊跨越了多個令牌。在提取的5000萬美元中，Binance的區塊鏈令牌（BNB）和Binance的Stablecoin（Busd）損失了1800萬美元。以太坊（ETH）和Binance包裹的比特幣（BTCB）損失了約900萬美元。 USDT損失了約670萬美元。 DOT，ADA和鈾金融令牌損失了170萬美元。

Open information from BscScan shows the attackers swapping ADA and DOT for Ethereum, preparing to launder the tokens, and accumulating around 2,400 ETH.

BSCSCAN的開放信息顯示，攻擊者將ADA和DOT換成以太坊，準備洗錢，並積累了約2400張ETH。

These tokens, amounting to around $5.7 million, were mixed with Tornado Cash, an Ethereum anonymity and privacy tool.

這些代幣總計約570萬美元，與龍捲風現金（一種以太坊匿名和隱私工具）混合在一起。