Uranium Finance hacker may have cashed out via ‘Magic: The Gathering’ cards, ZachXBT says

A hacker who abused the Uranium Finance DeFi platform in 2021 may have used ‘Magic: The Gathering’ trading cards to try to launder their loot after running it through the Tornado Cash mixing service, the pseudonymous blockchain said sleuth ZachXBT Thursday.

In a wire on Then that user traded the ETH for wrapped ETH (WETH), transferred it to a new address, exchanged it for USDC, and used some of it to buy “Magic: The Gathering” (MTG) trading cards.

Some of the money was also deposited on the centralized exchanges Kraken, Bitpay and Coinbase, the researcher said wrote.

ZachXBT said the steps appeared to have been taken to make it more difficult to trace the funds back to their origins, which is likely to 2021 exploitation of the decentralized exchange Uranium Finance. The timing of when the Uranium hacker deposited money into Tornado Cash and the buyer of the MTG cards withdrew it suggests they may be the same person.

“In March 2023, the uranium hacker deposited 52 x 100 ETH on Tornado and this person received 52 x 100 ETH,” ZachXBT said. “March 6 and 14: Uranium Hacker deposits 52

Uranium Finance, a Binance Smart Chain-based fork of Uniswap, lost $50 million in a 2021 exploit, when an attacker used a calculation flaw in the code to siphon liquidity from the protocol. During the migration to the V2 version of Uranium, 80 bitcoin, 1,800 ETH, 17.9 million BUSD, 5.7 million USDT, 638,000 ADA, 26,500 DOT, 34,000 wrapped BNB and 112,000 U92 tokens, a native token of Uranium, were removed.

After the exploit, the attacker sent 2,438 ETH to Tornado Cash. They also traded the DOT and ADA tokens to ETH via the Binance Smart Chain-based PancakeSwap and sent 80 bitcoin to AnySwap.

Rare cards

To purchase the trading cards, ZachXBT said someone went to a U.S.-based broker who contacted sellers on their behalf. After speaking with several sellers involved in the transactions, ZachXBT discovered that the buyer “spent millions on starter decks, alpha sets, sealed boxes” for which they overpaid 5-10%. The buyer sent crypto to the broker in advance and never revealed his identity to the sellers.

An MTG card collector who doesn’t tend to go by X told The Block that the user who has been following ZachXBT has likely purchased high-quality vintage cards that are hard to find.

Starter decks are “old, rare and non-reproducible. They are the only type of vintage product that has a very high price, likely easily verifiable authenticity and provenance, and is not commonly traded.” Alpha sets “are in the higher price range, they don’t trade often, and when they do, everyone knows about them, or the trading is deliberately kept secret so no one knows.”

The fact that the hacker could have purchased the cards potentially affects most of the remaining supply of those cards, which is not readily suggested in after on X.

Tornado Cash was sanctioned last November by the U.S. Treasury Department’s Office of Foreign Assets Control and its founders charged with “conspiracy to commit money laundering, a conspiracy to violate sanctions, and a conspiracy to operate an unlicensed money transmission business.”