美国当局抓住了3100万美元的加密货币，与2021年铀金融骇客有关

经过四年的调查，美国当局扣押了与2021年铀金融骇客有关的3100万美元加密货币。

U.S. authorities have seized $31 million in cryptocurrency related to the 2021 Uranium Finance hack.

美国当局已缴获了与2021铀金融骇客有关的3100万美元加密货币。

The Southern District of New York announced the seizure on Monday. Homeland Security Investigations in San Diego aided in the recovery.

纽约南部地区周一宣布癫痫发作。圣地亚哥的国土安全调查有助于恢复。

Uranium Finance was a decentralized exchange that launched on April 1, 2021, on the BNB chain. It was a fork of Uniswap, an automated market maker.

铀金融是一种分散的交易所，于2021年4月1日在BNB连锁店发起。它是自动做市商的Uniswap的叉子。

On April 28, 2021, Uranium Finance suffered a Web 3.0 security breach. The result was $50 million in lost tokens spanning over 26 different market pairs, amounting to one of the most devastating DeFi attacks of the time.

2021年4月28日，铀金融遭受了Web 3.0安全漏洞。结果是5000万美元的失落令牌超过26个不同的市场对，相当于当时最具破坏性的Defi攻击之一。

The attackers laundered the money through crypto mixers and central exchanges, transferring small amounts simultaneously to avoid detection.

攻击者通过加密混音器和中央交易所洗钱，同时转移了少量，以避免发现。

Victims of the attack were left stranded, not knowing what was happening behind the scenes.

袭击的受害者被搁浅了，不知道幕后发生了什么。

The breach allowed attackers to inflate the project’s balance, manipulate token pairs, and drain funds from liquidity pools.

违规行为允许攻击者膨胀该项目的平衡，操纵令牌对，并从流动性池中排出资金。

A brief inspection of the original Uniswap code reveals that a value of 1,000 is applied to a pair swap, allowing the new X and Y values of the output to apply a new fee. At the same time, a value K, used as a checking value, is also scaled along with the other values.

对原始UNISWAP代码的简要检查表明，将1,000的值应用于一对交换，允许输出的新X和Y值适用新费用。同时，用作检查值的值k也与其他值一起缩放。

Uniswap is a very popular swapping protocol, having experienced many transactions and, therefore, having many more security patches. The problem, however, is when a fork happens without the development team moving over to the new project.

UNISWAP是一个非常受欢迎的交换协议，经历了许多交易，因此拥有更多的安全补丁。但是，问题在于，如果没有开发团队进入新项目，则发生叉子。

The Uranium Finance fork of the code, however, uses a magic value of 10,000 instead of 1,000. More critically, it continues to use 1,000 for the K value, introducing a discrepancy that can be exploited to inflate the prices. The disparity between 10,000 and 1,000 means that a swap is guaranteed to be 100 times larger than the K value before the swap.

但是，该代码的铀金融叉子使用了10,000而不是1,000的魔术值。更重要的是，它继续使用1,000 k k值，引入了可以利用以夸大价格的差异。 10,000至1,000之间的差异意味着互换比掉期之前的K值大100倍。

This means that a hacker can swap a minimal amount of tokens for a much larger amount if the contract is changed appropriately. In the case of Uranium Finance, the attacker could drain the liquidity pools of the pair tokens.

这意味着，如果合同适当更改，黑客可以将最小的令牌换成更大的代币。就铀金融而言，攻击者可能会排干这对令牌的流动性池。

The next step in hacking Uranium Finance was to withdraw and obfuscate the stolen tokens. This was done by mixing the tokens using Tornado Cash and depositing the new tokens into a centralized exchange.

黑客铀金融的下一步是撤回和混淆被盗的令牌。这是通过使用龙卷风现金混合代币并将新令牌存入集中式交易所来完成的。

The attackers seemed to have been meticulous with their hack, raising the question of how the authorities tracked the stolen tokens. The authorities have not yet revealed all the details about the seizure of funds.

攻击者似乎对他们的黑客一丝不全，提出了当局如何追踪被盗令牌的问题。当局尚未透露有关扣押资金的所有细节。

The attack spanned multiple tokens. Of the $50 million extracted, Binance’s Blockchain Token (BNB) and Binance’s Stablecoin (BUSD) lost $18 million. Ethereum (ETH) and Binance’s Wrapped Bitcoin (BTCB) lost around $9 million. USDT lost around $6.7 million. DOT, ADA, and Uranium Finance Token lost $1.7 million.

攻击跨越了多个令牌。在提取的5000万美元中，Binance的区块链令牌（BNB）和Binance的Stablecoin（Busd）损失了1800万美元。以太坊（ETH）和Binance包裹的比特币（BTCB）损失了约900万美元。 USDT损失了约670万美元。 DOT，ADA和铀金融令牌损失了170万美元。

Open information from BscScan shows the attackers swapping ADA and DOT for Ethereum, preparing to launder the tokens, and accumulating around 2,400 ETH.

BSCSCAN的开放信息显示，攻击者将ADA和DOT换成以太坊，准备洗钱，并积累了约2400张ETH。

These tokens, amounting to around $5.7 million, were mixed with Tornado Cash, an Ethereum anonymity and privacy tool.

这些代币总计约570万美元，与龙卷风现金（一种以太坊匿名和隐私工具）混合在一起。