Highlights:
- UwU Lend offers a $5M bounty to whoever identifies the attacker responsible for the $20 million hacker on June 10.
- The protocol offered the exploiter 20% of the stolen funds if the attacker returned 80%, which they didn’t.
- On June 13, UwU Lend faced another $3.7M attack, with Cyvers platform identifying the attacker as the same individual involved in the first exploit.
UwU Lend, a decentralized lending protocol, is offering a $5 million bounty in Ethereum (ETH) to “the first person to identify and locate” the attacker. This came after the hacker failed to transfer 80% of the stolen funds before UwU’s requested deadline of June 12 at 5:00 pm UTC.
In a June 13 on-chain message, UwU wrote to the hacker, ” The Repayment deadline for the funds you stole has passed. A 5 Million Dollar bounty will be given to the first person to identify and locate you.” The company emphasizes that the bounty would be in ETH and paid out before any funds are recovered or charges are laid.
UwU Lend is a decentralized money market protocol enabling users to earn interest on deposits and borrow digital assets.
UwU Lend Requests Hacker to Return 80% of Funds After $20M Attack
The exploiter first targeted the UwU Lend protocol on June 10, resulting in a $20 million loss due to price manipulation. The exploit occurred in two stages, with hackers initially stealing $14 million, then an additional $6 million drained one hour later.
🚨ALERT🚨Hey @UwU_Lend, you are being attacked!
So far address got around $14M
More update will follow!
Please contact us to learn how to secure your digital assets!#CyversAlert pic.twitter.com/IND77hbTbH
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) June 10, 2024
UwU identified the vulnerability responsible for the exploit, which it stated was unique to the USDe market oracle. Price oracles are external services that offer real-time market data for assets. When manipulated, they can cause substantial losses for platforms and their users. In this instance, hackers exploited the price oracle to their advantage, resulting in an attack on UwU Lend. The protocol asserted that the vulnerability had been fixed, and all other markets had been “re-reviewed by industry professionals and auditors,” who found no issues or concerns.
(1/5)
The team has now identified the vulnerability, which was unique to the sUSDe market oracle and has now been 𝗿𝗲𝘀𝗼𝗹𝘃𝗲𝗱. All other markets have been re-reviewed by industry professionals and auditors with no issues or concerns found.
— UwU Lend (@UwU_Lend) June 12, 2024
UwU then requested the hacker to return 80% of the funds, allowing them to keep the remaining 20%. The team also assured the hacker that they would cease legal action. However, no response was received from the hacker. By Thursday, UwU Lend announced that the repayment period had ended. As a result, the protocol had to consider other options, leading to the creation of the $5 million bounty.
UwU Faces Second Hack of $3.5M During $20M Reimbursement Process
On June 13, UwU Lend faced another exploit, resulting in the theft of $3.7 million. On-chain data analytics platform Cyvers alerted the protocol to the attack, identifying the attackers as the same ones who carried out the previous $20 million exploit.
🚨ALERT🚨@UwU_Lend has suffered another security breach by the same attacker!
Total loss: $3.7M
Affected pools: uDAI, uWETH, uLUSD, uFRAX, uCRVUSD, uUSDT
All stolen assets have been converted to $ETH and are located at the attacker's address: https://t.co/9TvwLh18P1To learn… https://t.co/AjcMS1Cdyl
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) June 13, 2024
The exploiter stole $3.5 million from various asset pools, specifically uDAI, uWETH, uLUSD, uFRAX, uCRVUSD, and uUSDT. All stolen assets have been converted to Ether and are currently held at the attacker’s address: 0x841dDf093f5188989fA1524e7B893de64B421f47.
The lending protocol was actively reimbursing hack victims. It announced on X that it had fully repaid all bad debt for the Wrapped Ether (wETH) market, totaling 481.36 wETH valued at over $1.7 million. Overall, the protocol reimbursed more than $9.7 million.
Repaid so far:
• 3,522,427 $DAI
• 233,819 $crvUSD
• 4,225,000 $USDT
• 481.36 $wETH ($1,734,042)
Total: $9,715,288𝘛𝘩𝘢𝘯𝘬 𝘺𝘰𝘶 𝘧𝘰𝘳 𝘺𝘰𝘶𝘳 𝘤𝘰𝘯𝘵𝘪𝘯𝘶𝘦𝘥 𝘴𝘶𝘱𝘱𝘰𝘳𝘵 𝘢𝘯𝘥 𝘵𝘳𝘶𝘴𝘵! 💙#FundsAreUwU
— UwU Lend (@UwU_Lend) June 13, 2024
UWU Token Struggling to Maintain Price After $24M Combined Loss
Despite now losing a combined $24 million, the price of UWU, UwU Lend’s governance token, is only down 20% over the last week, according to CoinMarketCap. At the time of writing, UWU was trading at $2.47, representing a 6.95% decline in the past 24 hours. The token’s value has plummeted by 81%, resulting in a market cap of $26 million over the past year.
Read More
- Myro Price Prediction As MYRO Plunges 28% In a Week, Despite Paving A Path For Every Future Solana Coin
- Most Important Cryptos Other Than Bitcoin – Top 15 Bitcoin Alternatives 2024
- 20 Top Cryptocurrencies to Watch for 2024 – Detailed Reviews
- Next Cryptocurrency to Explode in 2024
Disclaimer: Cryptocurrency is a high-risk asset class. This article is provided for informational purposes and does not constitute investment advice. You could lose all of your capital.