DeFi lending protocol UwU Lend has suffered two assaults up to now three days. The second assault occurred on Thursday, throughout protocol compensation for the primary hack. The continuing saga has seen an estimated $23 million misplaced from the settlement.
DeFi protocol suffers $20 million assault
On June 10, the DeFi mission UwU Lend suffered a fancy assault and suffered a lack of US$19.3 million. The assault seems to contain using flash loans to use the protocol. The mission rapidly resolved the problem by suspending the protocol and guaranteed customers that the majority property have been protected.
UwU Lend acknowleges $20 million exploit. Supply: UwU Lend on X
As well as, the workforce is providing a $4 million white hat bounty to return funds. Stolen property embrace Wrapped Ethereum (wETH), Wrapped Bitcoin (wBTC), Curve DAO (CRV), Tether (USDT), Staked USDe (sUSDE), and extra.
Blockchain safety firm Beosin revealed that attackers manipulated the worth of USDe (USDE) by exchanging USDe (USDE) for different tokens by way of flash loans. It seems that this transfer lowered the costs of USDe and sUSDE.
Following the worth manipulation, the hackers deposited a few of the tokens into UwU Lend and “lent out extra $sUSDe than anticipated,” thereby driving up the worth of USDe. Likewise, the attacker deposits sUSDE into the DeFi protocol and borrows CRV.
On Wednesday, UwU Lend notified customers that its workforce had found the flaw. In accordance with the publish, this was a vulnerability particular to the sUSDE market oracle that had been resolved on the time of the report.
Consequently, the settlement was not suspended and the market slowly restarted and returned to regular operations. The DeFi mission additionally introduced that it could repay all dangerous money owed and that customers’ funds weren’t misplaced in the course of the utilization course of, claiming that their funds “are protected with UwU Lend.”
Do you may have DéFì Vu?
What appeared like the tip of the story turned out to be the primary a part of the saga. Experiences of a second assault on UwU Lend emerged on Thursday because the settlement went by way of the reimbursement course of.
The identical attacker reportedly stole a further $3.7 million from the DeFi protocol earlier than changing the funds to ETH once more. Affected mining swimming pools embrace uDAI, uWETH, uLUSD, uFRAX, UCRVUSD and uUSDT.
The crypto neighborhood expressed concern concerning the second assault, with many questioning whether or not their funds have been certainly protected. Customers began joking that the funds weren’t “safu” however “with Sifu”.
Crypto neighborhood shares memes concerning the assault. Supply: ZachXBT on X
UwU Lend was based by Michael Patryn, often known as Sifu. Patryn was the co-founder of the now-defunct QuadrigaCX. Canadian authorities are imposing an Unknown Wealth Order (UWO) on Sifu for his involvement in felony exercise on the change, Bitcoinist reported.
This week, the DeFi mission has suspended the protocol for the second time whereas the state of affairs is at present below investigation. Nonetheless, on-line studies declare that the second assault was brought on by a vulnerability just like the primary assault.
MetaTrust Labs defined that the hackers appeared to have used the $60 million gained from Monday’s hack “as collateral to empty the pool.”
This information made customers ponder whether the UwU Lend workforce was unaware of the tokens within the attacker’s pockets. Some additionally questioned why they didn’t cease supporting sUSDE collateral.
As of this writing, an official rationalization for the second vulnerability has not but been launched.
ETH is buying and selling at $3,447 on the three-day chart. Supply: ETHUSDT on TradingView
Featured picture from Unsplash.com, chart from TradingView.com
