DeFi

UwU Lend hacked again for $3.7 million in payback plan for first attack – DL News

Published

7 months ago

on

  • UwU hacker Lend returns to grab another $3.7 million.
  • The lending protocol was hacked on Monday using a $23 million flash loan.

UwU Lend users rejoiced on Wednesday after the lending protocol said it was able to fully reimburse victims of its recent $23 million exploit.

But their celebrations were cut short when at 7:46 a.m. London time the same hacker returned to take another $3.7 million.

This is despite UwU Lend offer the hacker a 20% bounty – worth $4 million – to return user funds upon the first hack.

The second hack comes after UwU Lend said in a June 12 statement Message that it had identified and fixed the vulnerability in its sUSDe marketplace that the hacker had previously exploited.

“All other markets have been re-examined by industry professionals and auditors without any issues or concerns being detected,” the protocol states.

UwU Lend did not return a request for comment.

UwU Lend began refunding its users on Wednesday after the $23 million exploit temporarily took it offline.

As of 5 a.m. Thursday, the protocol said it had refunded approximately $9.7 million stolen in the first hack.

Join the community to receive our latest stories and updates

“The protocol will reimburse all bad debts, as quickly as reasonably possible,” UwU Lend said. “We are pleased to report that no user funds were lost due to this process.”

UwU loan controversial Founder Michael Patryn, better known by his pseudonym 0xSifu, previously offered to drop all charges if the hacker returned 80% of the stolen crypto, worth around $18 million.

Oracle Attack

On Monday, a hacker used a $4 billion flash loan to manipulate the price of certain tokens on UwU Lend, allowing them to dump the protocol.

A flash loan is a type of DeFi transaction in which a user borrows funds from a lending protocol and repays them in the same transaction.

Although flash loans are often used by market makers to quickly arbitrage price differences in DeFi markets, they also enable exploits that require large amounts of capital to complete.

Circuit founder Martin Derka – who co-developed a tool to detect flash loan-based exploits while working at crypto security firm Quantstamp – said such exploits were notorious in DeFi.

“These types of vulnerabilities are typically very difficult to discover during smart contract audits, because they require in-depth knowledge of multiple protocols: those being audited and those being used as oracles,” he said. DL News.

“There are also not enough automated tools capable of discovering such vulnerabilities. »

Launching in 2022, UwU Lend is a fork of Aave, the largest DeFi lending protocol with $12.4 billion in deposits.

A fork is where a team of developers uses the open source code of an existing DeFi protocol to launch a similar protocol – often on a different blockchain or with minor modifications.

But changes to Aave’s code allowed the hacker to drain UwU Lend. The protocol used easy-to-manipulate oracles – software that provided it with the prices of various tokens.

UwU Lend’s UWU token is down 15% over the past week and is trading at around $2.70.

Aleks Gilbert is a DeFi correspondent at DL News. Do you have any advice? Send him an email to aleks@dlnews.com.

Fuente

Related Topics:

Leave a Reply

Your email address will not be published. Required fields are marked *

Información básica sobre protección de datos Ver más

  • Responsable: Miguel Mamador.
  • Finalidad:  Moderar los comentarios.
  • Legitimación:  Por consentimiento del interesado.
  • Destinatarios y encargados de tratamiento:  No se ceden o comunican datos a terceros para prestar este servicio. El Titular ha contratado los servicios de alojamiento web a Banahosting que actúa como encargado de tratamiento.
  • Derechos: Acceder, rectificar y suprimir los datos.
  • Información Adicional: Puede consultar la información detallada en la Política de Privacidad.

Trending

Exit mobile version