Hacker drains $19.5 million from UwU Lend in price oracle exploit
Blockchain safety agency Cyvers Alert reported a major exploit on the DeFi lending protocol UwU Lend, which resulted in an roughly $19.5 million loss.
The attacker funded their pockets through the sanctioned crypto mixer Twister Money.
Cyvers co-founder and CTO Meir Dolev instructed CryptoSlate in a June 10 assertion:
“The UWU lending contract was exploited by an attacker that executed three transactions in six minutes and drained approximately $20 million.”
On-chain data reveals that the attacker’s pockets moved a number of digital belongings, together with wrapped Ethereum (WETH), wrapped Bitcoin (WBTC), and stablecoins like USDC. The attacker’s handle has been tagged because the UwU Lend Exploiter on Etherscan.
Web3 safety agency PeckShield additional corroborated the incident, including that the basis explanation for the assault was a price oracle problem. It mentioned:
“In particular, the sUSDe asset is priced as median from multiple sources. Five of them, i.e., FRAXUSDe, USDeUSDC, USDeDAI, USDecrvUSD, and GHOUSDe, were manipulated during the hack.”
In the meantime, UwU Lend confirmed the incident and instantly paused its platform. The protocol mentioned:
“[We are] taking all necessary steps [and] doing our best here. Stay tuned for further updates.”
TVL surge?
Regardless of the exploit, the entire worth of belongings locked on the DeFi protocol UwU Lend surged by 135% in the final 24 hours.
Data from DeFiLlama exhibits that UwU Lend at present holds over 82,000 ETH, valued at $305 million. Nonetheless, roughly $247 million of those funds are borrowed.
UwU Lend was developed by Michael Patryn — often known as Sifu or 0xSifu — the controversial founding father of the defunct Quadriga CX trade. The platform permits depositors to supply liquidity to earn passive earnings, whereas debtors can get hold of liquidity in an over-collateralized method. Moreover, liquidity suppliers provide liquidity and earn income by staking their LP tokens.