Bitcoin

UwU Lend Hit with $3.7 Million Attack Three Days After the $20 Million Attack

1 Mins read

UwU Lend, a crypto lending protocol, was exploited twice within three days as the attacker walked away with about $23.7 million. The first attack came on June 10, with the attacker walking away with $20 million in crypto from the platform. Today’s attack resulted in an additional loss of around $3.7 million.

The second exploit was an extension of the first as they still had funds left on the protocol, which they withdrew less than three days after the first incident. Essentially, the attacker conducted a flash loan exploit that allowed them to take advantage of a bug in the platform and manipulate asset prices. They swapped Ethena USDe (USDE) for other tokens, which lowered USDE and Staked Ethena USDe (SUSDE) on the platform’s pools.

Then, they proceeded to extract the SUSDE tokens at a discount by depositing other assets as collateral to borrow them. In this process, SUSDE’s price increased rapidly, which the attacker took advantage of by depositing the borrowed SUSDE to borrow more than possible amounts of CURVE DAO (CRV) tokens. This method was used to drain funds from UwU Lend in the millions.

The platform had just reimbursed its users who suffered losses because of the exploit on June 10 by about $9.7 million today. A few hours after the reimbursements, the attacker returned to siphon away $3.7 million from the platform. CertiK, the blockchain cybersecurity platform, stated that the attacker was withdrawing funds they had already gained access to three days ago.

They converted the assets they obtained from the lending platform on both occasions to ETH and sent the funds to their address – 0x841dDf093f5188989fA1524e7B893de64B421f47. The address was linked to withdrawals from both exploits, explaining that it was the same actor behind both incidents. They capitalized on a vulnerability in an oracle contract linked to the USDE price feeds.

Image by Darwin Laganzon from Pixabay


Source link

Related posts
Bitcoin

Nigerian Crypto Crackdown: Two More Firms Convicted, Forced to Cough Up $30,000

1 Mins read
A Nigerian court has convicted two more cryptocurrency firms, Egomsinachi Road Autos Limited and Chimera Log & Haulage Services Limited, for conducting…
Bitcoin

Trading Bitcoin Mining for AI Computing

3 Mins read
TLDR Galaxy Digital exploring AI pivot with 800MW Helios facility conversion plan Company signed preliminary deal with unnamed US hyperscaler for HPC…
Bitcoin

$9.3B ERC-20 Stablecoin Inflow to Exchanges Following Elections, Another Rally Coming?

2 Mins read
Donald Trump’s win triggered massive gains for not just digital assets but also crypto-related stocks, and ETF flows on November 6 and…

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *