The crypto lending platform UwU Lend has suffered another hack, just as it was recovering from a prior $20 million exploit on June 10.
The protocol was alerted to the new attack by the Web3 security firm Cyvers, which indicated that the same perpetrators were responsible for both incidents.
Cyvers reported that the latest breach has resulted in the theft of $3.7 million from various asset pools, including uDAI, uWETH, uLUSD, uFRAX, uCRVUSD, and uUSDT.
Did you know?
Want to get smarter & wealthier with crypto?
Subscribe – We publish new crypto explainer videos every week!
In the first breach, the attacker manipulated prices by using a flash loan to exchange Ethena USDe (USDe) for other tokens, causing a drop in the prices of USDe and Ethena Staked USDe (SUSDe). The attacker then deposited these tokens into UwU Lend, enabling them to borrow more SUSDe than usual, increasing the price of USDe.
The exploiter also deposited SUSDe into UwU Lend and borrowed more Curve DAO (CRV) than typically possible. Through these strategies, nearly $20 million worth of tokens were stolen, all of which were converted into Ether (ETH).
In response to the initial breach, UwU Lend began reimbursing affected users. They announced on X that they had cleared all bad debt in the Wrapped Ether (wETH) market, amounting to 481.36 wETH (over $1.7 million), and had reimbursed a total of over $9.7 million.
UwU Lend stated they had identified and resolved the vulnerability that facilitated the first exploit. Additionally, they reported that other markets had been thoroughly reviewed by industry experts and auditors, with no further issues found.
However, crypto security firm CertiK clarified that the latest attack did not stem from the same vulnerability; instead, it was a consequence of the initial exploit. Despite the protocol being paused, UwU Lend’s continued recognition of uUSDE as valid collateral allowed the attackers, who still held a significant number of uUSDE tokens, to exploit these tokens and drain the remaining pools.
This second breach highlights the challenges in securing decentralized finance platforms, emphasizing the need for strict measures to protect user assets.
In other news, hackers recently used a Google Chrome plugin designed to access browser cookies and stole over $1 million from a Binance user.
Having completed a Master’s degree in Economics, Politics, and Cultures of the East Asia region, Aaron has written scientific papers analyzing the differences between Western and Collective forms of capitalism in the post-World War II era.With close to a decade of experience in the FinTech industry, Aaron understands all of the biggest issues and struggles that crypto enthusiasts face. He’s a passionate analyst who is concerned with data-driven and fact-based content, as well as that which speaks to both Web3 natives and industry newcomers.Aaron is the go-to person for everything and anything related to digital currencies. With a huge passion for blockchain & Web3 education, Aaron strives to transform the space as we know it, and make it more approachable to complete beginners.Aaron has been quoted by multiple established outlets, and is a published author himself. Even during his free time, he enjoys researching the market trends, and looking for the next supernova.