Search
Close this search box.

UwU Lend Suffers Second Hack Amidst Reimbursement Efforts

UwU Lend, a decentralized finance (DeFi) protocol, has been targeted once again by the same hacker who orchestrated a $20 million exploit on June 10. The protocol was in the process of reimbursing users when the attacker struck again, stealing an additional $3.7 million. Cyvers, a blockchain security firm, alerted users to the ongoing exploit on Thursday, revealing that the attacker had targeted asset pools including uDAI, uWETH, uLUSD, uFRAX, uCRVUSD, and uUSDT.

The stolen funds were swiftly converted to ether by the hacker. The initial June 10 attack involved a flash loan attack, where the hacker exploited the price manipulation of the USDe stablecoin and its synthetic counterpart sUSDe. Following this, the UwU Lend team had paused the protocol to address the vulnerabilities, particularly in the sUSDe market oracle, and had commenced repayment of the bad debt while reimbursing users.

Despite repaying $9.7 million of the bad debt, the protocol’s recovery efforts were undermined by its treatment of the hacker’s funds from the first exploit as legitimate collateral. This oversight allowed the hacker to drain additional pools within UwU Lend. MetaTrust Labs, another Web3 security firm, noted that the hacker used 60 million sUSDe from the initial hack as collateral to execute the subsequent theft, retaining 5 million sUSDe tokens.

Michael Patryn, co-founder of the now-defunct crypto exchange QuadrigaCX and also known as “0xSifu,” initially offered a 20% bounty to the hacker in exchange for the return of 80% of the stolen funds. However, following the latest developments, Patryn has revised his approach. In a recent blockchain message, he stated, “Repayment deadline for the funds you stole has passed. Five million dollar bounty to the first person to identify and locate you, paid in ETH.”

This sequence of events highlights significant security challenges in the DeFi space, especially concerning the management of vulnerabilities and the consequences of treating maliciously acquired tokens as valid collateral.

This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Bullish Times is a marketing agency committed to providing corporate-grade press coverage and shall not be liable for any loss or damage arising from reliance on this information. Readers should perform their own research and due diligence before engaging in any financial activities.

Picture of Cairo Arevalo

Cairo Arevalo

A dedicated crypto-focused professional with a strong background in community management and business development. Enthusiastic NFT collector passionate about blockchain technology and committed to delivering engaging crypto-related content. Involved in crypto since 2014.
View All Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Latest News

  • bitcoinBitcoin (BTC) $ 64,358.00 1.15%
  • ethereumEthereum (ETH) $ 3,540.43 0.25%
  • tetherTether (USDT) $ 1.00 0.08%
  • bnbBNB (BNB) $ 587.05 1.03%
  • solanaSolana (SOL) $ 133.79 0.26%
  • staked-etherLido Staked Ether (STETH) $ 3,539.55 0.3%
  • usd-coinUSDC (USDC) $ 1.00 0.1%
  • xrpXRP (XRP) $ 0.487921 0.67%
  • dogecoinDogecoin (DOGE) $ 0.124733 0.01%
  • the-open-networkToncoin (TON) $ 7.14 0.08%