Sunday , December 22 2024
Home / Crypto news / UwU Lend Hit with $3.7 Million Attack Three Days After the $20 Million Attack

UwU Lend Hit with $3.7 Million Attack Three Days After the $20 Million Attack

Summary:
UwU Lend, a crypto lending protocol, was exploited twice within three days as the attacker walked away with about .7 million. The first attack came on June 10, with the attacker walking away with million in crypto from the platform. Today’s attack resulted in an additional loss of around .7 million. The second exploit was an extension of the first as they still had funds left on the protocol, which they withdrew less than three days after the first incident. Essentially, the attacker conducted a flash loan exploit that allowed them to take advantage of a bug in the platform and manipulate asset prices. They swapped Ethena USDe (USDE) for other tokens, which lowered USDE and Staked Ethena USDe (SUSDE) on the platform’s pools. Then, they proceeded to extract the SUSDE tokens at a

Topics:
Suraj Manohar considers the following as important: , , ,

This could be interesting, too:

Bilal Hassan writes Morocco to Become First Developing Country with Clear Crypto Regulations

Bilal Hassan writes Cryptopia Liquidators Distribute 0 Million to Victims of 2019 Hack

Bilal Hassan writes Mo Shaikh Steps Down as CEO of Aptos Labs to Start New Chapter

Bilal Hassan writes South Korean Lawmaker Sentenced for Concealing Crypto Holdings

UwU Lend, a crypto lending protocol, was exploited twice within three days as the attacker walked away with about $23.7 million. The first attack came on June 10, with the attacker walking away with $20 million in crypto from the platform. Today’s attack resulted in an additional loss of around $3.7 million.

The second exploit was an extension of the first as they still had funds left on the protocol, which they withdrew less than three days after the first incident. Essentially, the attacker conducted a flash loan exploit that allowed them to take advantage of a bug in the platform and manipulate asset prices. They swapped Ethena USDe (USDE) for other tokens, which lowered USDE and Staked Ethena USDe (SUSDE) on the platform’s pools.

Then, they proceeded to extract the SUSDE tokens at a discount by depositing other assets as collateral to borrow them. In this process, SUSDE’s price increased rapidly, which the attacker took advantage of by depositing the borrowed SUSDE to borrow more than possible amounts of CURVE DAO (CRV) tokens. This method was used to drain funds from UwU Lend in the millions.

The platform had just reimbursed its users who suffered losses because of the exploit on June 10 by about $9.7 million today. A few hours after the reimbursements, the attacker returned to siphon away $3.7 million from the platform. CertiK, the blockchain cybersecurity platform, stated that the attacker was withdrawing funds they had already gained access to three days ago.

They converted the assets they obtained from the lending platform on both occasions to ETH and sent the funds to their address – 0x841dDf093f5188989fA1524e7B893de64B421f47. The address was linked to withdrawals from both exploits, explaining that it was the same actor behind both incidents. They capitalized on a vulnerability in an oracle contract linked to the USDE price feeds.

Image by Darwin Laganzon from Pixabay

Leave a Reply

Your email address will not be published. Required fields are marked *