DeFi lending protocol UwU Lend has suffered two assaults previously three days. The second exploit occurred on Thursday in the course of the protocol’s reimbursement course of from the primary hack. The continuing saga has taken round $23 million from the protocol.
DeFi Protocol Hit With $20 Million Exploit
On June 10, DeFi venture UwU Lend was hit by a classy assault that took $19.3 million. The assault seemingly concerned the usage of flash loans to take advantage of the protocol. The venture rapidly addressed the scenario by pausing the protocol and warranted customers that almost all belongings had been secure.
UwU Lend acknowleges $20 million exploit. Supply: UwU Lend on X
Moreover, the crew supplied a $4 million white hat bounty for the return of the funds. The checklist of stolen belongings included Wrapped Ethereum (wETH), Wrapped Bitcoin (wBTC), Curve DAO (CRV), Tether (USDT), Staked USDe (sUSDE), and others.
Blockchain safety agency Beosin revealed that the attacker manipulated the worth of USDe (USDE) by swapping it for different tokens by flash loans. Seemingly, this transfer lowered USDe and sUSDE’s value.
Following the worth manipulation, the hacker deposited a part of the tokens to UwU Lend and “lent extra $sUSDe than anticipated,” driving USDe’s value larger. Equally, the attacker deposited the sUSDE to the DeFi protocol and borrowed CRV.
On Wednesday, UwU Lend knowledgeable customers that its crew had recognized the vulnerability. Per the submit, it was a vulnerability distinctive to the sUSDE market oracle and had been resolved on the time of the report.
Consequently, the protocol was unpaused, and the markets had been slowly relaunched to return to their regular operations. The DeFi venture additionally introduced it will repay all its unhealthy debt and that customers’ funds had not been misplaced in the course of the exploit, claiming that their funds “are safu at UwU Lend.”
Do You Get DéFì Vu?
What appeared to be the top of the story turned out to be the primary installment of a saga. On Thursday, experiences of a second assault on UwU Lend appeared because the protocol carried out its reimbursement course of.
In response to the experiences, the identical attacker drained one other $3.7 million from the DeFi protocol earlier than changing the funds to ETH once more. The affected swimming pools included uDAI, uWETH, uLUSD, uFRAX, UCRVUSD, and uUSDT.
The crypto neighborhood expressed their concern in regards to the second assault, with many questioning if their funds had been certainly secure. Customers began to joke that funds weren’t “safu” however had been “with Sifu” as an alternative.
Crypto neighborhood shares memes in regards to the assault. Supply: ZachXBT on X
UwU Lend was based by Michael Patryn, also referred to as Sifu. Patryn was the co-founder of the now-collapsed QuadrigaCX. As reported by Bitcoinist, Canadian authorities had been pursuing an unexplained wealth order (UWO) in opposition to Sifu for his involvement within the alternate’s felony actions.
The DeFi venture has paused the protocol for the second time this week, and the scenario is being investigated. Nevertheless, on-line experiences declare that the second exploit was attributable to a vulnerability just like the primary assault.
MetaTrust Labs defined the hacker seemingly used 60 million uSUSDE obtained from Monday’s hack “as collateral to empty the pool.”
The information brought about customers to wonder if the UwU Lend crew was unaware of the tokens within the attacker’s pockets. Some additionally questioned why they didn’t cease supporting the sUSDE collateral.
On the time of writing, an official clarification for the second exploit has not been revealed.
ETH is buying and selling at $3,447 on the three-day chart. Supply: ETHUSDT on TradingView
Featured Picture from Unsplash.com, Chart from TradingView.com
