You are Being Attacked! UwU Lend Loses $20 Million in Flash Loan Attack

2 Mins read


  1. UwU Lend, a decentralized finance (DeFi) protocol, was hacked for nearly $20 million on Monday, June 10.
  2. The attack was first discovered by on-chain security firm Cyvers, which alerted UwU Lend about the ongoing exploit.
  3. The attacker used a flash loan to manipulate the price feed and exploit a vulnerability in the protocol’s price oracle system.
  4. UwU Lend co-founder Michael Patryn, also known as 0xSifu, offered the hacker a 20% bounty (around $4 million) to return the remaining stolen funds.
  5. The incident highlights the vulnerabilities within DeFi platforms and the need for stronger security measures to prevent similar attacks in the future.

The decentralized finance (DeFi) protocol UwU Lend has become the latest victim of a major cryptocurrency hack, with attackers siphoning nearly $20 million worth of digital assets on Monday, June 10.

The ongoing exploit was first discovered by on-chain security firm Cyvers, which promptly alerted UwU Lend about the attack.

In a post on social media platform X (formerly Twitter), Cyvers wrote, “Hey @UwU_Lend, you are being attacked! So far address got around $14M…” As the attack unfolded, the total amount stolen quickly surpassed the $20 million mark, making it one of the most significant crypto hacks of the year.

UwU Lend, a protocol that allows users to deposit and borrow cryptocurrency, was founded in September 2022 by Michael Patryn, also known as 0xSifu.

Patryn is a controversial figure in the crypto space, best known for co-founding the now-defunct QuadrigaCX exchange.

Despite its relatively short history, UwU Lend had amassed an impressive $91 million in Total Value Locked (TVL) before the exploit.

Investigations by blockchain security firms Cyvers and Beosin have revealed that the attacker employed a sophisticated strategy to carry out the theft.

By utilizing a flash loan, the hacker was able to manipulate the price feed of the protocol’s stablecoin, USDe, and its synthetic version, sUSDe.

This manipulation allowed the attacker to exploit a critical vulnerability in UwU Lend’s price oracle system, enabling them to drain the protocol’s funds.

The root cause of the exploit, according to Matthew Jiang, director of security services at Blocksec, was an improperly designed blockchain Oracle.

Oracles are vital components of DeFi platforms, responsible for providing accurate price data to the protocol. When these systems are not adequately secured or designed, they become prime targets for attackers looking to exploit weaknesses and steal funds.

In the wake of the attack, UwU Lend co-founder Michael Patryn took an unconventional approach to recover the stolen funds. Patryn, who has a checkered past in the crypto industry, sent a blockchain message to the hacker, offering a 20% bounty (approximately $4 million) in exchange for the return of the remaining 80% of the stolen assets.

The message also included a threat to pursue the hacker “from all angles” if they did not comply with the offer by June 12 at 17:00 UTC.

The message to the hacker: Ethscan
The message to the hacker: Etherscan

While such bounty offers are not uncommon in the crypto world, they are rarely accepted by hackers. However, there have been instances where attackers have returned a portion of the stolen funds in response to similar proposals.

Source link

Related posts

Top Crypto Gainers Today Jun 12 - Stacks, Helium, Aelf, Kaspa

6 Mins read
Join Our Telegram channel to stay up to date on breaking news coverage The crypto market has recently experienced a significant downturn,…

Bitcoin Has Key Support At $62,300, Will BTC Bulls Win After FOMC?

2 Mins read
Bitcoin is recovering but still under immense liquidation pressure when writing. As BTC faces headwinds, the zone between $70,000 and $72,000 is…

Optimism Activates Fault-Proofs On Mainnet, OP Is Down 55% In 3 Months

2 Mins read
In a major milestone for Ethereum and layer-2s, Optimism, a layer-2 scaling platform for the second most valuable network, has announced the…



Leave a Reply

Your email address will not be published. Required fields are marked *