TLDR
UwU
Lend,
a
decentralized
finance
(DeFi)
lending
and
liquidity
protocol,
has
fallen
victim
to
yet
another
significant
security
breach,
just
days
after
suffering
a
$20
million
exploit.Affected
pools:
uDAI,
uWETH,
uLUSD,
uFRAX,
uCRVUSD,
uUSDT
All
stolen
assets
have
been
converted
to
$ETH
and
are
located
at
the
attacker’s
address:
https://t.co/9TvwLh18P1
To
learn…
https://t.co/AjcMS1Cdyl
—
????
Cyvers
Alerts
????
(@CyversAlerts)
June
13,
2024
The
attack
took
place
during
the
reimbursement
process
for
victims
of
the
previous
$20
million
exploit.
UwU
Lend
had
already
repaid
over
$9.7
million
in
bad
debt,
including
481.36
wETH
worth
more
than
$1.7
million
for
the
Wrapped
Ether
(wETH)
market
alone.
The
initial
exploit,
which
occurred
on
June
10,
was
caused
by
price
manipulation.
The
attacker
used
a
flash
loan
to
swap
USDe
for
other
tokens,
leading
to
a
lower
price
of
Ethena
USDe
(USDE)
and
Ethena
Staked
USDe
(SUSDE).
By
depositing
the
tokens
to
UwU
Lend
and
lending
more
SUSDE
than
expected,
the
attacker
drove
the
USDE
price
higher,
ultimately
stealing
nearly
$20
million
in
tokens.
According
to
CertiK,
a
crypto
security
firm,
the
latest
exploit
is
not
due
to
the
same
vulnerability
but
rather
a
consequence
of
the
first
attack.
The
attacker
gained
a
significant
number
of
sUSDE
tokens
from
the
initial
exploit
and,
despite
the
protocol
being
paused,
UwU
Lend
still
considered
sUSDE
as
legitimate
collateral.
This
oversight
allowed
the
attackers
to
exploit
the
remaining
sUSDE
and
drain
the
remaining
pools.
The
series
of
hacks
has
had
a
significant
impact
on
UwU
Lend’s
governance
token,
UWU,
which
has
shed
14.5%
of
its
value
over
the
past
seven
days
and
81%
in
the
past
year,
now
holding
a
market
cap
of
just
$26
million.
Go to Source
Author: Oliver Dale
