🔥 Gate.io #EIGEN# Limited-Time Listing Campaign is On Fire, Share $20,000 Rewards!
Deposit #EIGEN# to Split $13,000
Trade #EIGEN# to Split Extra $4,000
New Users Exclusive: Share a $3,000 Prize Pool
🚀 Join Now: https://www.gate.io/questionnaire/5209
Detail: https://www.gate.io/announcements/article/39599
UwU Lend Reacts to $23 Million Hack, Pauses Protocol and Negotiates with Hacker
Hassan Shittu
Last updated:
June 11, 2024 10:31 EDT | 3 min read
Uwu Lend, a lending protocol founded by Frog Nation’s former CFO Sifu, suffered a $19.4 million loss due to an oracle manipulation attack.
Cyvers first identified the exploit, revealing a sophisticated series of three transactions uted within six minutes. The attackers converted stolen Wrapped Bitcoin (WBTC) and Dai (DAI) into Ether (ETH) after being funded from Tornado Cash.
UwU Lend Hit by $20 Million Oracle Manipulation Attack, Founder Offers Deal to Hacker
On Monday, June 10, UwU Lend, a decentralized finance (DeFi) protocol, was hacked for nearly $20 million in an ongoing cryptocurrency exploit. The incident was first identified by on-chain security firm Cyvers, which ed the community with a post on social media platform X:
According to Cyvers, UwU Lend, which functions as a liquidity market allowing users to deposit and borrow digital assets, was attacked through a sophisticated series of transactions. The exploit quickly escalated, surpassing $20 million in stolen funds within an hour of the initial .
The attack, funded through the crypto-mixing protocol Tornado Cash, was uted with remarkable speed and precision. The hacker performed three malicious transactions in just six minutes, draining approximately $20 million. Cyvers disclosed that the funding for the attack was received from Tornado Cash two days before the exploit.
According to Peckshield, the root cause was a price oracle issue involving the sUSDe asset, priced based on a median from multiple sources. The attacker manipulated five sources during the hack, causing the exploit.
In response to the attack, UwU Lend swiftly paused its protocol to prevent further losses and set the borrowing and deposit rates to 0% to protect users’ positions. The team issued a statement on their X page, explaining their immediate actions and ongoing investigation:
UwU CEO offer to the hacker Source: EtherscanMichael Patryn, also known as 0xSifu, the founder of UwU Lend, offered the hacker a deal to return about $16 million in crypto in exchange for dropping potential charges. He stated in an on-chain message:
Post-deadline, the bounty would be offered to anyone who could expose and help bring the exploiter to justice. Meanwhile, another individual sent an on-chain message to the hacker with instructions on how to move the funds without getting caught, adding another layer of complexity to the situation.
The stolen assets, which include significant amounts of WETH, WBTC, bLUSD, crvUSD, sDAI, CRV, DAI, USDT, and sUSDe, are currently parked in two addresses. The total estimated loss stands at approximately $23 million.
Crypto Hackers Poised to Surpass 2023 with Record-Breaking Thefts in 2024
UwU Lend, which operates as a liquidity market allowing users to deposit and borrow digital assets, has assured users that the hack did not affect most deposited assets, including SIFU, VOLTA, FRAX, and several other markets.
UwuLend’s audit by Peckshield had previously characterized the code as “well designed and engineered,” with “no high-severity or critical issues” detected.
Crypto hackers may be on track to surpass 2023 regarding stolen digital assets. In the first quarter of 2024, hackers stole digital assets valued at $542.7 million, a 42% increase compared to the same period in 2023.
The surge in stolen funds can be attributed to the rising valuation of cryptocurrencies, which has increasingly attracted malicious actors since the beginning of 2024. As the value of digital assets climbs, so does the incentive for hackers to exploit vulnerabilities within the crypto eco.
Follow Us on Google News