The UwU Lend protocol, previously targeted in a nearly $20 million hack on June 10, is facing an ongoing cryptocurrency exploit that has so far resulted in the theft of $3.7 million.
This development comes as the protocol has been making efforts to reimburse its users following the $19.3 million June 10 hack.
$3.7 Million Hack
Cyvers, an on-chain data analytics platform, was the first to alert UwU Lend about the ongoing exploit. According to its findings, the bad actors behind this latest incident appear to be the same as those responsible for the earlier $19.3 million heist.
ALERT @UwU_Lend has suffered another security breach by the same attacker!
Total loss: $3.7M
Affected pools: uDAI, uWETH, uLUSD, uFRAX, uCRVUSD, uUSDT
All stolen assets have been converted to $ETH and are located at the attacker’s address: https://t.co/9TvwLh18P1 To learn… https://t.co/AjcMS1Cdyl
— Cyvers Alerts (@CyversAlerts) June 13, 2024
The stolen funds, sourced from various asset pools, including uDAI, uWETH, uLUSD, uFRAX, uCRVUSD, and uUSDT, have already been converted into Ethereum and transferred to the attacker’s address.
Following the initial breach on June 10, the development team at UwU Lend notified the community that they had implemented immediate measures to mitigate the damage. The protocol was temporarily paused while investigations were conducted into the vulnerabilities exploited by the hackers.
In an update shared on June 12 via a thread on X, the UwU developer team disclosed that they had identified the specific vulnerability related to the sUSDe market oracle and claimed to have resolved it.
(1/5)
The team has now identified the vulnerability, which was unique to the sUSDe market oracle and has now been . All other markets have been re-reviewed by industry professionals and auditors with no issues or concerns found.
— UwU Lend (@UwU_Lend) June 12, 2024
They added that independent audits of all other markets had been conducted without discovering additional issues, assured users that all functions would resume promptly, and emphasized that no user funds had been permanently lost during the incident.
Reimbursement Efforts
Following the incident, UwU initiated reimbursement efforts, informing users that “The protocol will repay all bad debt as quickly as reasonably possible. We will keep users up to date about progress and the next steps.”
In a final update on June 13, the team reported that they had successfully reimbursed a total of $9,715,288 to affected users thus far. The breakdown included specific amounts returned in various cryptocurrencies such as DAI, crvUSD, USDT, and wETH.
Repaid so far:
• 3,522,427 $DAI
• 233,819 $crvUSD
• 4,225,000 $USDT
• 481.36 $wETH ($1,734,042)
Total: $9,715,288
— UwU Lend (@UwU_Lend) June 13, 2024
UwU Lend, a fork of the open-source AAVE v2 protocol, offers its users various decentralized finance services such as lending, borrowing, and staking. One of its unique features is a revenue-sharing token called UwU, which allows users to earn a portion of the platform’s revenues directly.