3 months ago
21 ARTICLE AD
In a troubling development, the UwU Lend protocol, which fell victim to a nearly $20 million hack on June 10, is now facing another ongoing exploit. Onchain data analytics platform Cyvers has alerted the protocol to the attack, asserting that the same attackers responsible for the previous exploit are behind this latest incident.
The ongoing exploit has already drained $3.5 million from several asset pools, including uDAI, uWETH, uLUSD, uFRAX, uCRVUSD, and uUSDT. The stolen assets have been converted to Ether (ETH) and are currently held at the attacker’s address. Etherscan has tagged the address in question accordingly based on a report by Togbe, one of the first X users to bring attention to the initial hack.
This latest attack comes just three days after the initial $20 million exploit, which was caused by price manipulation.
According to the analysis from Cyvers, the attackers used a flash loan to swap USDe for other tokens, leading to a lower price of Ethena USDe (USDE) and Ethena Staked USDe (SUSDE). They then deposited the tokens to UwU Lend and lent more SUSDE than expected, driving the USDE price higher. The attackers also deposited SUSDE to UwU Lend and borrowed more Curve DAO (CRV) than anticipated.
Through these tactics, the attackers managed to steal nearly $20 million in tokens.
Notably, a recent report on CRV liquidations from Lookonchain shows that Curve Finance founder Michael Egorov borrowed various stablecoins from DeFi platforms, including UwU Lend. Egorov made loan positions worth roughly $5 million in USDT and DAI over UwU Lend.
Ironically, the UwU Lend protocol had just begun reimbursing victims of the previous hack when the second exploit occurred.
Hello UwU Frens!
We are happy to announce that all bad debt for the $wETH market has been repaid! A total of 481.36 $wETH ($1,734,042), covering all bad debt for the market, has been paid.
• https://t.co/IeMIkaW7cM
— UwU Lend (@UwU_Lend) June 13, 2024
The protocol announced on X that it had repaid all bad debt for the Wrapped Ether (wETH) market, amounting to 481.36 wETH worth over $1.7 million. In total, UwU Lend has reimbursed over $9.7 million to date.
Following the first exploit, UwU claimed to have identified and resolved the vulnerability responsible, which was reportedly unique to the USDe market oracle. The protocol stated that all other markets had been re-reviewed by industry professionals and auditors, with “no issues or concerns found.”
However, crypto security firm CertiK has revealed to that the ongoing exploit is not the result of the same vulnerability but rather a consequence of the initial attack. CertiK explains that the attacker had gained a significant number of uUSDE tokens from the first exploit and was still holding them.
Despite the protocol being paused, UwU Lend still considered uUSDE as a “legitimate collateral,” explains CertiK. This condition allowed the threat actors to exploit the remaining uUSDE amounts and drain all other UwULend pools.
The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.
Crypto Briefing may augment articles with AI-generated content created by Crypto Briefing’s own proprietary AI platform. We use AI as a tool to deliver fast, valuable and actionable information without losing the insight - and oversight - of experienced crypto natives. All AI augmented content is carefully reviewed, including for factural accuracy, by our editors and writers, and always draws from multiple primary and secondary sources when available to create our stories and articles.
You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.
