UwU Lend Protocol Hacked for Nearly $20 Million in Ongoing Cryptocurrency Exploit
In an ongoing security breach, the decentralized finance (DeFi) protocol UwU Lend was hacked on Monday for nearly $20 million.
UwU Lend, known for its role as a decentralized finance protocol, allows users to deposit and borrow digital assets, functioning as a liquidity market within the DeFi ecosystem. The exploit, first identified by on-chain security firm Cyvers, has rapidly become a major incident affecting multiple digital assets.
UwU Lend Protocol Hack: Initial Discovery and Immediate Impact
Cyvers initially discovered the exploit , which alerted UwU Lend via a June 10 X post.
The situation quickly escalated as, within an hour, the amount stolen surpassed $20 million.
UwU Lend is now grappling with the fallout from this major breach. The unknown hacker has successfully drained various assets from the protocol’s pools, converting them into Ethereum (ETH).
Cyvers’ co-founder and chief technology officer, Meir Dolev, elaborated on the situation in a report .
“The attack is still ongoing, but we can already see that we’re talking about a major incident that has already passed the $20 million threshold,” he said. “We’re talking about different assets (like WBTC and DAI) that are drained from the pools and being converted to ETH.”
Further investigations revealed that the attack was facilitated by the well-known crypto-mixing protocol Tornado Cash, which the hacker used to fund the exploit.
“The UwU lending contract was exploited by an attacker that executed three transactions in six minutes and drained approximately $20 million,” Dolev explained. “The attacker was funded from Tornado Cash two days ago.”
In response to the attack, the UwU team announced that the protocol was paused less than an hour ago to investigate the situation. The team assured users, stating,
Rising Trend of Crypto Hacks in 2024
According to a recent report by Immunefi , in May 2024, the crypto industry suffered approximately $473.22 million in losses from 108 incidents.
The figure marks a 12% decrease from May 2023, when losses were recorded at over $59 million, and a 28% decrease month-over-month. The majority of the losses in May 2024 stemmed from two significant projects: Gala Games , a crypto gaming project, which suffered a $21 million loss, and Sonne Finance , a decentralized lending protocol, which faced a $20 million loss.
During this period, DeFi platforms were the primary targets for exploits, while CeFi did not experience any major attacks.
Hacks were the predominant cause of financial losses, accounting for $50,618,600 across 14 incidents, while fraud accounted for $1,753,300 from seven events. Ethereum and BNB Chain were the most targeted blockchains, representing 62% of the total losses.
In a related attack last month, decentralized finance (DeFi) lending protocol Pike Finance suffered a major security breach , losing $1.6 million over three days due to a smart contract vulnerability.
On April 30, an attacker exploited Pike’s Ethereum, Arbitrum, and Optimism chain vulnerability, draining $1.68 million. This was the second attack following a $300,000 exploit on April 26, both stemming from the same vulnerability that allowed the attacker to change the output address and override the contract.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Zhu Su: ETH has been received at $3090 and SOL has been received at $211
Trump says Musk's efficiency group will release work report