Home > web3.0 > UwU Lend Hit With Second $3.7M Exploit During Reimbursement Process

UwU Lend Hit With Second $3.7M Exploit During Reimbursement Process

WBOY
Release: 2024-06-14 21:42:40
Original
331 people have browsed it

DeFi lending protocol UwU Lend has suffered two attacks in the past three days. The second exploit occurred on Thursday during the protocol's reimbursement process from the first hack.

UwU Lend Hit With Second .7M Exploit During Reimbursement Process

DeFi lending protocolUwU Lend has been hit by two attacks in the past three days, with the second exploit occurring on Thursday during the protocol’s reimbursement process from the first hack. The ongoing saga has taken around $23 million from the protocol.

DeFi Protocol Hit With $20 Million Exploit

On June 10, DeFi project UwU Lend was hit by a sophisticated attack that took $19.3 million. The attack seemingly involved the use of flash loans to exploit the protocol. The project quickly addressed the situation by pausing the protocol and assured users that most assets were safe.

Additionally, the team offered a $4 million white hat bounty for the return of the funds. The list of stolen assets included Wrapped Ethereum (wETH), Wrapped Bitcoin (wBTC), Curve DAO (CRV), Tether (USDT), Staked USDe (sUSDE), and others.

Blockchain security firm Beosin revealed that the attacker manipulated the price of USDe (USDE) by swapping it for other tokens through flash loans. Seemingly, this move lowered USDe and sUSDE’s price.

Following the price manipulation, the hacker deposited part of the tokens to UwU Lend and “lent more $sUSDe than expected,” driving USDe’s price higher. Similarly, the attacker deposited the sUSDE to the DeFi protocol and borrowed CRV.

On Wednesday, UwU Lend informed users that its team had identified the vulnerability. Per the post, it was a vulnerability unique to the sUSDE market oracle and had been resolved at the time of the report.

As a result, the protocol was unpaused, and the markets were slowly relaunched to return to their normal operations. The DeFi project also announced it would repay all its bad debt and that users’ funds had not been lost during the exploit, claiming that their funds “are safu at UwU Lend.”

Do You Get DéFì Vu?

What seemed to be the end of the story turned out to be the first installment of a saga. On Thursday, reports of a second attack on UwU Lend appeared as the protocol carried out its reimbursement process.

According to the reports, the same attacker drained another $3.7 million from the DeFi protocol before converting the funds to ETH again. The affected pools included uDAI, uWETH, uLUSD, uFRAX, UCRVUSD, and uUSDT.

The crypto community expressed their concern about the second attack, with many questioning if their funds were indeed safe. Users started to joke that funds were not “safu” but were “with Sifu” instead.

UwU Lend was founded by Michael Patryn, also known as Sifu. Patryn was the co-founder of the now-collapsed QuadrigaCX. As reported by Bitcoinist, Canadian authorities were pursuing an unexplained wealth order (UWO) against Sifu for his involvement in the exchange’s criminal activities.

The DeFi project has paused the protocol for the second time this week, and the situation is being investigated. However, online reports claim that the second exploit was caused by a vulnerability similar to the first attack.

MetaTrust Labs explained the hacker seemingly used 60 million uSUSDE obtained from Monday’s hack “as collateral to drain the pool.”

The news caused users to wonder whether the UwU Lend team was unaware of the tokens in the attacker’s wallet. Some also questioned why they didn’t stop supporting the sUSDE collateral.

At the time of writing, an official explanation for the second exploit has not been published.

News source:https://www.kdj.com/cryptocurrencies-news/articles/uwu-lend-hit-m-exploit-reimbursement-process.html

The above is the detailed content of UwU Lend Hit With Second $3.7M Exploit During Reimbursement Process. For more information, please follow other related articles on the PHP Chinese website!

source:kdj.com
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template