UwU Lend hit by Second Hack this Week leading to $3.7M Loss

2024-06-13 by Ndaman Olayinka 3 minutes read

The UwU Lend decentralized finance (DeFi) protocol was hacked for $3.7 million today, according to on-chain security firms Cyvers, Beosin, and Blocksec.

Cyvers stated that the same attacker is responsible for this week's two exploited flash loan breaches, which marks UwU Lend's second compromise this week.

🚨@UwU_Lend was just under another ~$3.7M exploit by the same attacker on Jun 10.

Attacker:
0x841dDf093f5188989fA1524e7B893de64B421f47 https://t.co/Vr1citK0xs
— Beosin Alert (@BeosinAlert) June 13, 2024

🚨ALERT🚨Hey @UwU_Lend, you are being targeted again by same hacker!

Look at this trx: https://t.co/RstdittKpK

More info will follow!

Want to keep your company off our alerts radar? Learn how to secure your assets: Book a Demo 🚀 https://t.co/uUbFkFTp4h #CyversAlert pic.twitter.com/mMMTByHNkK
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) June 13, 2024

On Monday, June 10, the decentralized lending protocol UwU Lend was breached for almost $20 million. Blockchain security company Cyvers made the initial discovery of the $14 million exploit, as stated in a June 10 X post.

UwU began the reimbursement process earlier today, just hours before the second exploit. The attacker stole $3.5 million from various asset pools, including uDAI, uWETH, uLUSD, uFRAX, uCRVUSD, and uUSDT, and converted them to Ether using the address, which can be found at 0x841dDf093f5188989fA1524e7B893de64B421f4.

UwU stated that it had discovered the exploit's vulnerability, claiming that it was specific to the USDe market oracle and had resolved the security vulnerability. Nevertheless, the hacker's second attack, according to crypto security firm CertiK, was caused by a different vulnerability that was used on June 10. CertiK added that the attacker still had a significant quantity of sUSDE tokens in their possession, which they had earned from the initial exploit.

UwU Lend was founded by Michael Patryn, also known by the aliases Omar Dhanani and 0xSifu. The UwU Lend DeFi protocol operates as a liquidity market, enabling users to deposit and borrow digital assets.

Cryptocurrency hackers may be on track to steal more digital assets than in 2023. Hackers stole $542.7 million worth of digital assets in the first quarter of 2024, that is 42% increase over the same period in 2023. Since 2024, there has been a rise in the amount of money that has been stolen, partly due to the increasing attraction of cryptocurrencies to unscrupulous individuals.

Disclaimer: This information should not be considered financial advice by any means. Please do your own research before making any investment decisions. The views in the articles are personal opinions only. Whale Insider is not responsible for any financial losses incurred.

Press releases