The crypto lending platform UwU Lend has suffered one other hack, simply because it was recovering from a previous $20 million exploit on June 10.
The protocol was alerted to the brand new assault by the Web3 safety agency Cyvers, which indicated that the identical perpetrators had been accountable for each incidents.
Cyvers reported that the newest breach has resulted within the theft of $3.7 million from numerous asset swimming pools, together with uDAI, uWETH, uLUSD, uFRAX, uCRVUSD, and uUSDT.
Do you know?
Need to get smarter & wealthier with crypto?
Subscribe – We publish new crypto explainer movies each week!
Within the first breach, the attacker manipulated costs through the use of a flash mortgage to change Ethena USDe (USDe) for different tokens, inflicting a drop within the costs of USDe and Ethena Staked USDe (SUSDe). The attacker then deposited these tokens into UwU Lend, enabling them to borrow extra SUSDe than common, growing the value of USDe.
The exploiter additionally deposited SUSDe into UwU Lend and borrowed extra Curve DAO (CRV) than sometimes attainable. By means of these methods, almost $20 million price of tokens had been stolen, all of which had been transformed into Ether (ETH).
In response to the preliminary breach, UwU Lend started reimbursing affected customers. They introduced on X that that they had cleared all unhealthy debt within the Wrapped Ether (wETH) market, amounting to 481.36 wETH (over $1.7 million), and had reimbursed a complete of over $9.7 million.
UwU Lend acknowledged that they had recognized and resolved the vulnerability that facilitated the primary exploit. Moreover, they reported that different markets had been totally reviewed by trade specialists and auditors, with no additional points discovered.
Nonetheless, crypto safety agency CertiK clarified that the newest assault didn’t stem from the identical vulnerability; as a substitute, it was a consequence of the preliminary exploit. Regardless of the protocol being paused, UwU Lend’s continued recognition of uUSDE as legitimate collateral allowed the attackers, who nonetheless held a big variety of uUSDE tokens, to use these tokens and drain the remaining swimming pools.
This second breach highlights the challenges in securing decentralized finance platforms, emphasizing the necessity for strict measures to guard person belongings.
In different information, hackers just lately used a Google Chrome plugin designed to entry browser cookies and stole over $1 million from a Binance person.
Having accomplished a Grasp’s diploma in Economics, Politics, and Cultures of the East Asia area, Aaron has written scientific papers analyzing the variations between Western and Collective types of capitalism within the post-World Warfare II period.With near a decade of expertise within the FinTech trade, Aaron understands all the greatest points and struggles that crypto lovers face. He’s a passionate analyst who is anxious with data-driven and fact-based content material, in addition to that which speaks to each Web3 natives and trade newcomers.Aaron is the go-to particular person for all the pieces and something associated to digital currencies. With an enormous ardour for blockchain & Web3 schooling, Aaron strives to remodel the house as we all know it, and make it extra approachable to finish freshmen.Aaron has been quoted by a number of established retailers, and is a printed writer himself. Even throughout his free time, he enjoys researching the market tendencies, and searching for the subsequent supernova.
