The UwU exploiter strikes again and steals $3.5 million from the lend protocol as it begins reimbursing hack victims.
The UwU Lend protocol, which suffered a $20 million hack on June 10, has been hit again by another attack in an ongoing cryptocurrency exploit.
On-chain data analytics platform Cyvers alerted the protocol to the attack, indicating that the perpetrators were the same individuals responsible for the previous $20 million exploit.
This new exploit has resulted in the theft of $3.5 million from various asset pools, including uDAI, uWETH, uLUSD, uFRAX, uCRVUSD, and uUSDT. The stolen assets have been converted to Ether and are currently located at the attacker’s address: “0x841dDf093f5188989fA1524e7B893de64B421f47.”
First Exploit Was Caused by Price Manipulation
The latest attack on the lending protocol occurred just three days after the initial $20 million exploit. UwU Lend had only started the reimbursement process earlier today, mere hours before this second exploit.
The first exploit on UwU Lend was a result of price manipulation. The attacker used a flash loan to swap USDe for other tokens, which led to a significant drop in the price of USDe and sUSDe. They then deposited these tokens into UwU Lend and borrowed more sUSDe than expected, causing the price of USDe to increase.
In a similar fashion, the attacker deposited sUSDe into UwU Lend and borrowed more CRV than anticipated. Ultimately, the attackers managed to steal nearly $20 million in tokens through these manipulative tactics. All the stolen funds were then converted into ETH.
This repeated breach highlights significant vulnerabilities within the protocol, calling for urgent security enhancements to prevent further losses and restore user trust.
Summary Review: The repeated attacks on UwU Lend underscore the critical need for enhanced security measures within the protocol. The recent theft of $3.5 million, coming just days after a $20 million exploit, reveals significant vulnerabilities and the persistent threat posed by sophisticated attackers. As UwU Lend begins the reimbursement process for its users, it must also prioritize fortifying its defenses to prevent future breaches. Addressing these security gaps is essential to restoring user trust and ensuring the long-term stability and reliability of the platform.
Disclaimer: Remember that nothing in this article and everything under the responsibility of Web30 News should be interpreted as financial advice. The information provided is for entertainment and educational purposes only. Investing in cryptocurrency involves inherent risks and potential investors should be aware that capital is at risk and returns are never guaranteed. It is imperative that you conduct thorough research and consult with a qualified financial advisor before making any investment decision.
