DeFi lending protocol UwU Lend has suffered two assaults up to now 3 days. The second one exploit happened on Thursday all over the protocol’s repayment procedure from the primary hack. The continued saga has taken round $23 million from the protocol.
DeFi Protocol Hit With $20 Million Exploit
On June 10, DeFi venture UwU Lend used to be hit by way of an advanced assault that took $19.3 million. The assault apparently concerned the usage of flash loans to take advantage of the protocol. The venture temporarily addressed the location by way of pausing the protocol and confident customers that the majority property had been secure.
UwU Lend acknowleges $20 million exploit. Supply: UwU Lend on X
Moreover, the crew introduced a $4 million white hat bounty for the go back of the budget. The record of stolen property integrated Wrapped Ethereum (wETH), Wrapped Bitcoin (wBTC), Curve DAO (CRV), Tether (USDT), Staked USDe (sUSDE), and others.
Blockchain safety company Beosin printed that the attacker manipulated the cost of USDe (USDE) by way of swapping it for different tokens via flash loans. Apparently, this transfer reduced USDe and sUSDE’s value.
Following the fee manipulation, the hacker deposited a part of the tokens to UwU Lend and “lent extra $sUSDe than anticipated,” riding USDe’s value upper. In a similar fashion, the attacker deposited the sUSDE to the DeFi protocol and borrowed CRV.
On Wednesday, UwU Lend knowledgeable customers that its crew had recognized the vulnerability. In keeping with the submit, it used to be a vulnerability distinctive to the sUSDE marketplace oracle and were resolved on the time of the record.
Because of this, the protocol used to be unpaused, and the markets had been slowly relaunched to go back to their standard operations. The DeFi venture additionally introduced it will pay off all its dangerous debt and that customers’ budget had now not been misplaced all over the exploit, claiming that their budget “are safu at UwU Lend.”
Do You Get DéFì Vu?
What appeared to be the tip of the tale became out to be the primary installment of a saga. On Thursday, reviews of a 2nd assault on UwU Lend gave the impression because the protocol performed its repayment procedure.
In step with the reviews, the similar attacker tired some other $3.7 million from the DeFi protocol prior to changing the budget to ETH once more. The affected swimming pools integrated uDAI, uWETH, uLUSD, uFRAX, UCRVUSD, and uUSDT.
The crypto neighborhood expressed their worry about the second one assault, with many wondering if their budget had been certainly secure. Customers began to comic story that budget weren’t “safu” however had been “with Sifu” as an alternative.
Crypto neighborhood stocks memes concerning the assault. Supply: ZachXBT on X
UwU Lend used to be based by way of Michael Patryn, sometimes called Sifu. Patryn used to be the co-founder of the now-collapsed QuadrigaCX. As reported by way of , Canadian government had been pursuing an unexplained wealth order (UWO) in opposition to Sifu for his involvement within the trade’s prison actions.
The DeFi venture has paused the protocol for the second one time this week, and the location is being investigated. Alternatively, on-line reviews declare that the second one exploit used to be led to by way of a vulnerability very similar to the primary assault.
MetaTrust Labs defined the hacker apparently used 60 million uSUSDE got from Monday’s hack “as collateral to empty the pool.”
The inside track led to customers to wonder if the UwU Lend crew used to be blind to the tokens within the attacker’s pockets. Some additionally wondered why they didn’t forestall supporting the sUSDE collateral.
On the time of writing, an professional cause of the second one exploit has now not been printed.
ETH is buying and selling at $3,447 at the three-day chart. Supply: ETHUSDT on TradingView
Featured Symbol from Unsplash.com, Chart from TradingView.com