Breaking: UwU Lend Suffers Another Hack, Losing $3.7M
UwU Lend, a decentralized finance (DeFi) lending protocol, has suffered another significant security breach today, resulting in an approximately $3.7 million loss.
This attack, executed similarly to the previous hack, targeted multiple liquidity pools and converted the stolen assets into Ethereum.This incident marks the latest high-profile breach affecting UwU Lend. At the time of writing, the Hacker still holds all the funds in the wallet.
UwU Lend Lost $3.7 Again
Today, UwU Lend suffered another significant security breach, losing approximately $3.7 million. The decentralized finance (DeFi) protocol, known for its lending services, was targeted by the same attacker responsible for a previous hack.
This most recent exploit affected several pools, including uDAI, uWETH, uLUSD, uFRAX, uCRVUSD, and uUSDT, with all stolen assets converted to Ethereum (ETH) and currently residing at the attacker’s address “0x841ddf093f5188989fa1524e7b893de64b421f47.”
Ether Scan here: https://etherscan.io/address/0x841ddf093f5188989fa1524e7b893de64b421f47 .
The attack occurred on June 13, 2024, at 07:46:23 AM +UTC. According to Cyvers Alerts , the attacker used a sophisticated method to bypass security measures, similar to the previous breach. The initial breach involved the attacker gaining access to UwU Lend’s smart contracts and manipulating them to drain funds from various liquidity pools.
The stolen assets, including multiple stablecoins and other tokens, were converted into Ethereum to obfuscate their trail. Currently, the assets are held in the attacker’s wallet, and efforts to trace and recover the funds are ongoing.
Previous Attacks on UwU Lend
On June 10, UwU Lend was previously hacked for nearly $20 million . This exploit manipulated the protocol’s price oracle, particularly the sUSDe asset. The attacker utilized the Tornado Cash crypto-mixing protocol to fund the exploit, executing three transactions within six minutes to drain significant assets.
The immediate response included pausing the protocol and adjusting borrowing and deposit rates to zero to prevent further losses. The UwU Lend team has been actively investigating the incident to understand the attack vector and bolster security measures.
Despite efforts to mitigate the impact, the attacker exploited vulnerabilities effectively, converting stolen assets to Ethereum and complicating recovery efforts.
In response to the previous attack, Michael Patryn, known as 0xSifu and the founder of UwU Lend, proposed a deal to the hacker on June 11. He offered to drop potential charges in exchange for the return of about $16 million in stolen funds .
As of the time of writing, no update has been received regarding the last hack, and the hacker of this new hack still holds the fund in a wallet.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Shiba Inu Community Pushes Token Toward $0,001
Can You Turn $500 Into $500 With These Cryptocurrencies?
215 Arrested in South Korea’s $232M Crypto Scam
South Korean police have arrested 215 people for taking part in a massive crypto fraud scheme
BlackRock Launches BUIDL Fund on 5 Blockchains
BlackRock, the world’s largest asset manager, just took a big step in the crypto world