UwU Protocol Under Attack Again

The UwU Lend protocol, hacked for nearly $20 million on June 10, is under attack again in an ongoing cryptocurrency exploit. The fresh attack has shaken the crypto community, raising concerns about the protocol's security measures.

Onchain data analytic platform Cyvers sounded the alarm about the ongoing exploit. Cyvers suggests that the attackers are the same individuals responsible for the previous $20 million exploit. This revelation adds a layer of complexity to an already tense situation.

Assets Targeted in Latest Exploit

The ongoing exploit has already stolen $3.5 million from different asset pools, including uDAI, uWETH, uLUSD, uFRAX, uCRVUSD, and uUSDT. All the stolen assets have been converted to ETH and are currently located at the attacker's address: 0x841dDf093f5188989fA1524e7B893de64B421f47.

First Exploit: A Case of Price Manipulation

The first UwU Lend exploit was a case of price manipulation. The attacker utilized a flash loan to swap USDe for other tokens, which led to a drop in the price of $USDe and $sUSDe. The attacker then deposited some of these to UwU Lend and lent more $sUSDe than expected, causing the $USDe price to rise.

Similarly, the attacker deposited sUSDe to UwU Lend and borrowed more CRV than anticipated. Through this price manipulation strategy, the attackers ultimately stole nearly $20 million in tokens. All the stolen funds were eventually converted into ETH.

"The latest exploit for the lending protocol occurred within three days of the $20 million exploit, and UwU started the reimbursement process earlier today, just hours before the second exploit."

Reimbursement Efforts Amidst New Attacks

The lend protocol was in the process of reimbursing previous hack victims when the new attack occurred. UwU took to X to announce that they had repaid all bad debt for the $wETH market, which amounted to 481.36 $wETH (~$1,734,042).

In total, the protocol has reimbursed $9,715,288. UwU claimed they had identified the vulnerability responsible for the initial exploit, asserting it was unique to the USDe market oracle.

They noted that the vulnerability has been resolved and claimed that all other markets have been "re-reviewed by industry professionals and auditors with no issues or concerns found."

Ongoing Concerns and Future Steps

The back-to-back exploits have put UwU Lend under scrutiny. The crypto community is eagerly waiting for further updates. Both the protocol and its users want enhanced security measures to prevent future attacks. As the situation unfolds, the focus remains on securing assets and rebuilding trust within the community.