UwU Lend's Double Blow
By Olivier Acuña | TH3FUS3 Chief Editor
June 14, 2024 07:27 AM
TL;DR DeFi lending protocol UwU Lend has suffered two attacks in the past three days. The second exploit occurred on Thursday during the protocol's reimbursement process from the first hack. The ongoing saga has taken around $23 million from the protocol.
UwU Lend's First Attack
On June 10, DeFi project UwU Lend was hit by a sophisticated attack that took $19.3 million. The attack seemingly involved using flash loans to exploit the protocol. The project quickly addressed the situation by pausing the protocol and assured users that most assets were safe.
Additionally, the team offered a $4 million white hat bounty to return the funds. The list of stolen assets included Wrapped Ethereum (wETH), Wrapped Bitcoin (wBTC), Curve DAO (CRV), Tether (USDT), Staked USDe (sUSDE), and others.
How the Exploit Unfolded
Blockchain security firm Beosin revealed that the attacker manipulated the price of USDe (USDE) by swapping it for other tokens through flash loans. This move lowered the prices of USDe and sUSDE.
Following the price manipulation, the hacker deposited part of the tokens to UwU Lend and "lent more $sUSDe than expected," driving USDe's price higher. Similarly, the attacker deposited the sUSDE to the DeFi protocol and borrowed CRV.
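The mechanism Beosin describes can be modelled in a few lines. This is an added illustration, not code from UwU Lend, Beosin, or the original article: it shows how a lending market that reads an instantaneous pool price lets the same collateral unlock more tokens once that price is pushed down, and how a deviation check against a slower reference price rejects the skewed reading. The constant-product pool, its balances, the 75% loan-to-value ratio, the 2% threshold and all function names are assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass
class Pool:
    """Constructed constant-product pool (x * y = k): USDe against a $1 stablecoin."""
    usde: float
    stable: float

    def spot_price(self) -> float:
        # Instantaneous price: stablecoin per USDe.
        return self.stable / self.usde

    def sell_usde(self, amount: float) -> float:
        # Swap USDe into the pool; returns the stablecoin paid out.
        k = self.usde * self.stable
        self.usde += amount
        out = self.stable - k / self.usde
        self.stable -= out
        return out

def max_borrow_tokens(collateral_usd: float, ltv: float, debt_price: float) -> float:
    # The cheaper the borrowed token looks, the more tokens the same collateral unlocks.
    return collateral_usd * ltv / debt_price

def checked_price(spot: float, reference: float, max_deviation: float = 0.02) -> float:
    # Hypothetical guard: reject a spot price that strays too far from a slow-moving
    # reference (for example a time-averaged price); 2% is an assumed threshold.
    if abs(spot - reference) > max_deviation * reference:
        raise ValueError(f"spot {spot:.4f} deviates from reference {reference:.4f}")
    return spot

def simulate():
    pool = Pool(usde=10_000_000, stable=10_000_000)  # constructed balances
    reference = pool.spot_price()                    # 1.00 before any swap
    honest = max_borrow_tokens(1_000_000, 0.75, checked_price(pool.spot_price(), reference))
    pool.sell_usde(2_500_000)                        # one large swap inside a single transaction
    skewed = pool.spot_price()                       # spot price after the swap
    unguarded = max_borrow_tokens(1_000_000, 0.75, skewed)
    try:
        checked_price(skewed, reference)
        blocked = False
    except ValueError:
        blocked = True
    return honest, skewed, unguarded, blocked

if __name__ == "__main__":
    print(simulate())
```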
Protocol Paused and Resumed
On Wednesday, UwU Lend informed users that its team had identified the vulnerability. Per the post, it was a vulnerability unique to the sUSDE market oracle and had been resolved at the time of the report.
As a result, the protocol was unpaused, and the markets were slowly relaunched to resume normal operations. The DeFi project also announced it would repay all its bad debt and that users' funds had not been lost during the exploit, claiming that their funds "are safe at UwU Lend."
The Second Attack
What seemed to be the end of the story turned out to be the first installment of a saga. On Thursday, reports of a second attack on UwU Lend appeared as the protocol carried out its reimbursement process.
According to the reports, the same attacker drained another $3.7 million from the DeFi protocol before converting the funds to ETH again. The affected pools included uDAI, uWETH, uLUSD, uFRAX, uCRVUSD, and uUSDT.
The crypto community expressed concern about the second attack, with many questioning whether their funds were indeed safe. Users started to joke that funds were not "safe" but "with Sifu" instead.
Founder Michael Patryn's Shadow
UwU Lend was founded by Michael Patryn, also known as Sifu. Patryn was the co-founder of the now-collapsed QuadrigaCX. As Bitcoinist reported, Canadian authorities were pursuing an unexplained wealth order (UWO) against Sifu for his involvement in the exchange's criminal activities.
The DeFi project has paused the protocol for the second time this week, and the situation is being investigated. However, online reports claim that the second exploit was caused by a vulnerability similar to the first attack.
MetaTrust Labs explained that the hacker seemingly used 60 million uSUSDE obtained from Monday's hack "as collateral to drain the pool."
The news caused users to wonder whether the UwU Lend team was unaware of the tokens in the attacker's wallet. Some also questioned why they didn't stop supporting the sUSDE collateral.
At the time of writing, an official explanation for the second exploit has not been published.