Blockchain
security
firm
Cyvers
Alert
reported
a
significant
exploit
on
the
DeFi
lending
protocol
UwU
Lend,
which
resulted
in
an
approximately
$19.5
million
loss.
The
attacker
funded
their
wallet
via
the
sanctioned
crypto
mixer
Tornado
Cash.
Cyvers
co-founder
and
CTO
Meir
Dolev
told
CryptoSlate
in
a
June
10
statement:
“The
UWU
lending
contract
was
exploited
by
an
attacker
that
executed
three
transactions
in
six
minutes
and
drained
approximately
$20
million.”
On-chain
data
reveals
that
the
attacker’s
wallet
moved
several
digital
assets,
including
wrapped
Ethereum
(WETH),
wrapped
Bitcoin
(WBTC),
and
stablecoins
like
USDC.
The
attacker’s
address
has
been
tagged
as
the
UwU
Lend
Exploiter
on
Etherscan.
Web3
security
firm
PeckShield
further
corroborated
the
incident,
adding
that
the
root
cause
of
the
attack
was
a
price
oracle
issue.
It
said:
“In
particular,
the
sUSDe
asset
is
priced
as
median
from
multiple
sources.
Five
of
them,
i.e.,
FRAXUSDe,
USDeUSDC,
USDeDAI,
USDecrvUSD,
and
GHOUSDe,
were
manipulated
during
the
hack.”
Meanwhile,
UwU
Lend
confirmed
the
incident
and
immediately
paused
its
platform.
The
protocol
said:
“[We
are]
taking
all
necessary
steps
[and]
doing
our
best
here.
Stay
tuned
for
further
updates.”
TVL
surge?
Despite
the
exploit,
the
total
value
of
assets
locked
on
the
DeFi
protocol
UwU
Lend
surged
by
135%
in
the
last
24
hours.
Data
from
DeFiLlama
shows
that
UwU
Lend
currently
holds
over
82,000
ETH,
valued
at
$305
million.
However,
approximately
$247
million
of
these
funds
are
borrowed.
UwU
Lend
was
developed
by
Michael
Patryn
—
also
known
as
Sifu
or
0xSifu
—
the
controversial
founder
of
the
defunct
Quadriga
CX
exchange.
The
platform
enables
depositors
to
provide
liquidity
to
earn
passive
income,
while
borrowers
can
obtain
liquidity
in
an
over-collateralized
manner.
Additionally,
liquidity
providers
supply
liquidity
and
earn
revenue
by
staking
their
LP
tokens.
In:
Ethereum,
Hacks
Go to Source
Author: Oluwapelumi Adejumo