Contact

info@th3fus3.com



© 2024 TheFuse. All rights reserved.

UwU Protocol Under Second Hack While Sorting out the First

By Anthony Burr | TH3FUS3 Managing Editor

June 13, 2024 02:36 PM

Reading time: 2 minutes, 3 seconds

TL;DR The UwU Lend protocol, previously hacked for nearly $20 million, is facing another exploit. The ongoing attack has already resulted in a $3.5 million loss. Both attacks appear to involve the same perpetrators.

UwU Protocol Under Attack Again

The UwU Lend protocol, hacked for nearly $20 million on June 10, is under attack again in an ongoing cryptocurrency exploit. The fresh attack has shaken the crypto community, raising concerns about the protocol's security measures.

Onchain data analytic platform Cyvers sounded the alarm about the ongoing exploit. Cyvers suggests that the attackers are the same individuals responsible for the previous $20 million exploit. This revelation adds a layer of complexity to an already tense situation.

Assets Targeted in Latest Exploit

The ongoing exploit has already stolen $3.5 million from different asset pools, including uDAI, uWETH, uLUSD, uFRAX, uCRVUSD, and uUSDT. All the stolen assets have been converted to ETH and are currently located at the attacker's address: 0x841dDf093f5188989fA1524e7B893de64B421f47.

First Exploit: A Case of Price Manipulation

The first UwU Lend exploit was a case of price manipulation. The attacker utilized a flash loan to swap USDe for other tokens, which led to a drop in the price of $USDe and $sUSDe. The attacker then deposited some of these to UwU Lend and lent more $sUSDe than expected, causing the $USDe price to rise.

Similarly, the attacker deposited sUSDe to UwU Lend and borrowed more CRV than anticipated. Through this price manipulation strategy, the attackers ultimately stole nearly $20 million in tokens. All the stolen funds were eventually converted into ETH.

"The latest exploit for the lending protocol occurred within three days of the $20 million exploit, and UwU started the reimbursement process earlier today, just hours before the second exploit."

Reimbursement Efforts Amidst New Attacks

The lend protocol was in the process of reimbursing previous hack victims when the new attack occurred. UwU took to X to announce that they had repaid all bad debt for the $wETH market, which amounted to 481.36 $wETH (~$1,734,042).

In total, the protocol has reimbursed $9,715,288. UwU claimed they had identified the vulnerability responsible for the initial exploit, asserting it was unique to the USDe market oracle.

They noted that the vulnerability has been resolved and claimed that all other markets have been "re-reviewed by industry professionals and auditors with no issues or concerns found."

Ongoing Concerns and Future Steps

The back-to-back exploits have put UwU Lend under scrutiny. The crypto community is eagerly waiting for further updates. Both the protocol and its users want enhanced security measures to prevent future attacks. As the situation unfolds, the focus remains on securing assets and rebuilding trust within the community.

Share this

Similar news
cryptocurrency

SEC Sets Target on Yet Another Crypto Market Maker

Crypto Market Maker Faces Legal Battle

October 11, 2024 01:00 PM
cryptocurrency

Striple Scores One-Day, 70-Country Stablecoin Payment Success

Stripe had previously discontinued Bitcoin payments due to high fees and slow confirmation times

October 11, 2024 11:59 AM
cryptocurrency

Whales Move 81M XRP Tokens. What's Cooking?

This move and the SEC battle is part of Ripple's ongoing struggles to finally see its day under the sun

October 11, 2024 11:53 AM
All results loaded