3 months ago
Blockchain information steadfast Cyvers Alert reported a important exploit connected the DeFi lending protocol UwU Lend, which resulted successful an astir $19.5 cardinal loss.
The attacker funded their wallet via the sanctioned crypto mixer Tornado Cash.
Cyvers co-founder and CTO Meir Dolev told CryptoSlate in a June 10 statement:
“The UWU lending declaration was exploited by an attacker that executed 3 transactions successful six minutes and drained astir $20 million.”
On-chain data reveals that the attacker’s wallet moved respective integer assets, including wrapped Ethereum (WETH), wrapped Bitcoin (WBTC), and stablecoins similar USDC. The attacker’s code has been tagged arsenic the UwU Lend Exploiter connected Etherscan.
Web3 information steadfast PeckShield further corroborated the incident, adding that the basal origin of the onslaught was a terms oracle issue. It said:
“In particular, the sUSDe plus is priced arsenic median from aggregate sources. Five of them, i.e., FRAXUSDe, USDeUSDC, USDeDAI, USDecrvUSD, and GHOUSDe, were manipulated during the hack.”
Meanwhile, UwU Lend confirmed the incidental and instantly paused its platform. The protocol said:
“[We are] taking each indispensable steps [and] doing our champion here. Stay tuned for further updates.”
TVL surge?
Despite the exploit, the full worth of assets locked connected the DeFi protocol UwU Lend surged by 135% successful the past 24 hours.
Data from DeFiLlama shows that UwU Lend presently holds implicit 82,000 ETH, valued astatine $305 million. However, astir $247 cardinal of these funds are borrowed.
UwU Lend was developed by Michael Patryn — besides known arsenic Sifu oregon 0xSifu — the arguable laminitis of the defunct Quadriga CX exchange. The level enables depositors to supply liquidity to gain passive income, portion borrowers tin get liquidity successful an over-collateralized manner. Additionally, liquidity providers proviso liquidity and gain gross by staking their LP tokens.
The station Hacker drains $19.5 cardinal from UwU Lend successful terms oracle exploit appeared archetypal connected CryptoSlate.
English (US) 