13 June 2024

Another Hack Targets UwU Lend, Stealing $3.5 Million as Reimbursement Process Begins

UwU Lend, recently hacked for nearly $20 million, faces a second exploit, resulting in the theft of an additional $3.5 million. The attack coincides with the protocol’s efforts to reimburse victims of the initial hack.

On-chain analytics platform Cyvers reported the latest exploit, linking it to the same attackers responsible for the $20 million breach. The new exploit has targeted various asset pools including uDAI, uWETH, uLUSD, uFRAX, uCRVUSD, and uUSDT. The stolen assets have been converted to Ether (ETH) and are held at the attacker’s address: 0x841dDf093f5188989fA1524e7B893de64B421f47.

Initial Hack Due to Price Manipulation

The first hack on UwU Lend involved price manipulation. The attackers used a flash loan to swap USDe for other tokens, causing a drop in the price of Ethena USDe (USDE) and Ethena Staked USDe (SUSDE). They then deposited these tokens to UwU Lend, borrowed more SUSDE than expected, and drove the USDE price higher.

Subsequently, the attackers deposited SUSDE and borrowed more Curve DAO (CRV) tokens than anticipated, ultimately stealing nearly $20 million. All stolen funds were converted into ETH.
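The borrowing step described above depends on the protocol pricing the debt asset from a quote that can be moved within one transaction. The following is an added example, not code from UwU Lend or from this article: it shows how a depressed quote inflates the number of units a position can borrow, and how a trailing-median deviation check refuses that quote. The class and function names, the 2% tolerance, the five-observation window and all figures are constructed assumptions.

```python
from collections import deque
from statistics import median

class DeviationGuard:
    """Rejects an oracle price that strays too far from a trailing median."""
    def __init__(self, window=5, max_deviation=0.02):  # assumed parameters
        self.history = deque(maxlen=window)
        self.max_deviation = max_deviation

    def observe(self, price):
        # Call once per block with the end-of-block price, so a swap made
        # inside the current transaction cannot alter the reference.
        self.history.append(price)

    def accepts(self, price):
        if not self.history:
            return False  # fail closed until a reference exists
        reference = median(self.history)
        return abs(price - reference) / reference <= self.max_deviation

def borrowable_units(collateral_usd, ltv, debt_price, guard=None):
    """Units of the debt asset a position may borrow at the quoted price."""
    if guard is not None and not guard.accepts(debt_price):
        return 0.0  # refuse to lend against an out-of-band price
    return collateral_usd * ltv / debt_price

def excess_debt_usd(units, fair_price, collateral_usd, ltv):
    """Debt above the intended limit once the price returns to fair value."""
    return max(0.0, units * fair_price - collateral_usd * ltv)

# Constructed sample values, not figures from the incident.
COLLATERAL_USD, LTV = 1_000_000, 0.8
FAIR_PRICE, DEPRESSED_PRICE = 1.00, 0.80

def demo():
    guard = DeviationGuard()
    for p in (1.000, 1.001, 0.999, 1.000, 1.000):  # prior-block prices
        guard.observe(p)
    unguarded = borrowable_units(COLLATERAL_USD, LTV, DEPRESSED_PRICE)
    guarded = borrowable_units(COLLATERAL_USD, LTV, DEPRESSED_PRICE, guard)
    normal = borrowable_units(COLLATERAL_USD, LTV, FAIR_PRICE, guard)
    return {
        "unguarded_units": unguarded,
        "unguarded_excess_usd": excess_debt_usd(unguarded, FAIR_PRICE, COLLATERAL_USD, LTV),
        "guarded_units": guarded,
        "normal_units": normal,
    }

if __name__ == "__main__":
    print(demo())
```

With the constructed figures, the unguarded market lends 200,000 USD more than its limit allows at fair value, while the guarded market lends nothing at the depressed quote and the normal amount at the fair one.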

Reimbursement Process Underway

UwU Lend had started reimbursing victims of the initial hack, announcing the repayment of all bad debt for the Wrapped Ether (wETH) market, totaling 481.36 wETH worth over $1.7 million. The protocol has reimbursed over $9.7 million in total.

UwU Lend identified the vulnerability responsible for the initial exploit, which was unique to the USDe market oracle. The protocol claimed that the vulnerability had been resolved and that all other markets had been thoroughly reviewed by industry professionals and auditors with no issues found.

Ongoing Exploit Linked to Previous Attack

Crypto security firm CertiK informed Cointelegraph that the ongoing exploit stems from the initial hack. The attackers retained a number of sUSDE tokens from the first exploit. Despite pausing the protocol, UwU Lend still considered sUSDE as legitimate collateral, enabling the attackers to exploit these tokens and drain the remaining pools.

As UwU Lend continues to address these security challenges, the cryptocurrency community remains vigilant in tracking the developments surrounding the protocol’s exploits and reimbursements.