UwU Lend, the decentralized finance (DeFi) protocol that lost $20 million in an exploit on June 10, has been attacked again by the same hacker in the midst of a repayment process for affected users.

Blockchain security company Cyvers alerted users on X to the ongoing exploit on Thursday, with onchain data showing that the attacker stole an additional $3.7 million from the UwU Lend protocol.

The attacker exploited the uDAI, uWETH, uLUSD, uFRAX, uCRVUSD and uUSDT asset pools and has already converted the stolen funds to ether.

The June 10 exploit was carried out via a flash loan attack, in which the attacker swapped the USDe stablecoin for other tokens, manipulating the price of USDe and sUSDe.

The UwU Lend team said that it had identified and resolved the vulnerability, which was unique to the sUSDe market oracle, and had unpaused the protocol and started paying off the protocol’s bad debt and reimbursing users.

UwU Lend repaid $9.7 million worth of bad debt, but because the protocol still treated sUSDe as legitimate collateral and the attacker still held a significant amount of these tokens from the first exploit, the attacker was still able to drain UwU Lend’s other pools.

Web3 security company MetaTrust Labs noted that the hacker used 60 million sUSDe from the previous hack as collateral to drain the pool, and still holds 5 million sUSDe tokens.

UwU Lend was created by Michael Patryn, or “0xSifu,” co-founder of the collapsed crypto exchange QuadrigaCX, who offered the hacker a 20% bounty in exchange for returning 80% of the stolen funds.

That offer appears to be off the table, according to Sifu’s latest blockchain message to the hacker.

“Repayment deadline for the funds you stole has passed. 5 million dollar bounty to the first person to identify and locate you, paid in ETH,” wrote Sifu.