UwU Lend Faces Second $3.7 Million Hack

UwU Lend Faces Second $3.7 Million Hack

By Jakub Lazurek

14 Jun 2024 (5 months ago)

3 min read

Share:

UwU Lend, a DeFi lending protocol, suffers a second $3.7 million hack during reimbursement efforts from a previous $19.3 million attack, raising security concerns.

UwU Lend, a DeFi lending protocol, has suffered two attacks within three days, losing a total of $23 million. The second attack occurred on Thursday while the protocol was trying to reimburse users from the first hack.

On June 10, UwU Lend was struck by a sophisticated attack, resulting in a loss of $19.3 million. The attackers used flash loans to exploit the protocol. In response, UwU Lend paused its operations and assured users that most assets were secure. They also offered a $4 million white hat bounty for the return of the stolen funds. The stolen assets included Wrapped Ethereum (wETH), Wrapped Bitcoin (wBTC), Curve DAO (CRV), Tether (USDT), Staked USDe (sUSDE), and others.

Blockchain security firm Beosin revealed that the attacker manipulated the price of USDe (USDE) by swapping it for other tokens using flash loans. This devalued USDe and sUSDE. After the price manipulation, the hacker deposited some tokens into UwU Lend and borrowed more $sUSDe than expected, driving USDe’s price higher. Similarly, the attacker deposited the sUSDE to UwU Lend and borrowed CRV.

By Wednesday, UwU Lend announced they had identified and fixed the vulnerability, unique to the sUSDE market oracle. The protocol was unpaused, and markets were gradually reopened. The team assured users that their funds were safe and that all bad debts would be repaid.

Just as the situation seemed under control, a second attack was reported on Thursday during the reimbursement process. This time, the same attacker drained another $3.7 million from the protocol and converted the funds back to ETH. The affected pools included uDAI, uWETH, uLUSD, uFRAX, UCRVUSD, and uUSDT.

The crypto community reacted with concern, questioning the safety of their funds. Many joked that the funds were not “safu” but were “with Sifu,” referring to UwU Lend’s founder Michael Patryn, also known as Sifu. Patryn, a co-founder of the collapsed QuadrigaCX, is currently under investigation by Canadian authorities for his involvement in the exchange’s criminal activities.

UwU Lend has paused the protocol again this week to investigate. Reports indicate that the second exploit was caused by a vulnerability similar to the first attack. MetaTrust Labs explained that the hacker used 60 million uSUSDE obtained from Monday’s hack as collateral to drain the pool.

This series of events led users to question whether the UwU Lend team knew about the tokens in the attacker’s wallet and why they didn’t stop supporting the sUSDE collateral.

As of now, UwU Lend has not provided an official explanation for the second exploit. Users are left wondering how a similar attack could happen so soon after the first and whether the protocol’s security measures are adequate to prevent future breaches.

The challenges faced by UwU Lend highlight the vulnerabilities in DeFi protocols and the importance of strong security measures. As the investigation continues, the DeFi community will be closely watching to see how UwU Lend addresses these issues and what steps they take to restore user confidence.

UwU Lend’s recent experiences highlight the risks involved in DeFi protocols. The quick succession of attacks has shaken user confidence and raised important questions about the protocol’s security. As the investigation unfolds, UwU Lend must address these vulnerabilities and implement stronger safeguards to protect their users and assets. The outcome will have significant implications for the broader DeFi ecosystem, emphasizing the need for continuous improvement in security practices and protocols.

Share:
Go back to All News
Previous article

Swiss Regulator Shuts Down ...

 Swiss Regulator Shuts Down Crypto Bank FlowBank SA
Next article

Fidelity Analyst Explains Why Bitcoin ...

Fidelity Analyst Explains Why Bitcoin Growth Has Slowed