Key Takeaways
- Two Major Hacks: UwU Lend has been hacked twice within three days, losing a total of $23 million.
- Sophisticated Attacks: The first hack involved price manipulation using flash loans, and the second attack exploited a similar vulnerability.
- Security Concerns: The community has raised concerns about the protocol’s security measures and the handling of the attacks.
- Founder’s Controversial Past: UwU Lend’s founder, Michael Patryn, also known as Sifu, has a controversial past, which has fueled skepticism.
- Ongoing Investigation: UwU Lend has paused operations again to investigate the attacks and address the vulnerabilities.
UwU Lend Faces Second $3.7 Million Hack
UwU Lend, a decentralized finance (DeFi) lending protocol, has recently suffered two significant security breaches within a span of three days, losing a total of $23 million. The second attack occurred on Thursday, while the protocol was attempting to reimburse users from a previous hack.
First Hack: June 10
On June 10, UwU Lend was targeted in a sophisticated attack that resulted in a loss of $19.3 million. The attackers employed flash loans to exploit the protocol. In response, UwU Lend paused its operations and reassured users that most assets were secure. They also offered a $4 million white hat bounty for the return of the stolen funds. The stolen assets included Wrapped Ethereum (wETH), Wrapped Bitcoin (wBTC), Curve DAO (CRV), Tether (USDT), Staked USDe (sUSDE), among others.
Also Read: Litecoin Price Prediction Stays Under $80: What’s Stopping LTC’s Rise?
Blockchain security firm Beosin revealed that the attacker manipulated the price of USDe (USDE) by swapping it for other tokens using flash loans. This devalued USDe and sUSDE. After the price manipulation, the hacker deposited some tokens into UwU Lend and borrowed more sUSDe than expected, driving USDe’s price higher. Similarly, the attacker deposited the sUSDE to UwU Lend and borrowed CRV.
Second Hack: June 13
By June 12, UwU Lend announced they had identified and fixed the vulnerability, unique to the sUSDE market oracle. The protocol was unpaused, and markets were gradually reopened. The team assured users that their funds were safe and that all bad debts would be repaid. However, a second attack was reported on June 13, during the reimbursement process. This time, the same attacker drained another $3.7 million from the protocol and converted the funds back to ETH. The affected pools included uDAI, uWETH, uLUSD, uFRAX, UCRVUSD, and uUSDT.
Also Read; Telegram’s Blockchain Rises in Daily Users, Sparks Crypto Debate
Community Reaction and Security Concerns
The crypto community reacted with concern, questioning the safety of their funds. Many joked that the funds were not “safu” but were “with Sifu,” referring to UwU Lend’s founder Michael Patryn, also known as Sifu. Patryn, a co-founder of the collapsed QuadrigaCX, is currently under investigation by Canadian authorities for his involvement in the exchange’s criminal activities.
UwU Lend has paused the protocol again this week to investigate. Reports indicate that the second exploit was caused by a vulnerability similar to the first attack. MetaTrust Labs explained that the hacker used 60 million uSUSDE obtained from the first hack as collateral to drain the pool.
🚨 UwU Lend faces another $3.7M hack just days after a $19.3M breach! The DeFi protocol is under scrutiny as security concerns rise. How will UwU Lend restore user confidence? Stay tuned for updates. #DeFi #CryptoSecurity #UwULend #BlockchainNewshttps://t.co/ELFHyzXJr0 pic.twitter.com/lupznKePCt
— City Telegraph (@0xCitytelegraph) June 14, 2024
The challenges faced by UwU Lend underscore the vulnerabilities in DeFi protocols and the critical importance of robust security measures. As the investigation continues, the DeFi community will be closely monitoring UwU Lend’s response and the steps they take to restore user confidence.
