As an experienced analyst, I find the recent exploits of UwU Lend, a crypto lending protocol, deeply concerning. The attacker’s ability to exploit the platform twice within three days and walk away with about $23.7 million is not only alarming but also a clear indication of the vulnerabilities that exist in decentralized finance (DeFi) platforms.
As a crypto investor, I’ve unfortunately had to deal with some disappointing news regarding UwU Lend, a crypto lending protocol that I’ve been following. Within just three days, this platform was exploited not once, but twice. The first attack occurred on June 10, resulting in a significant loss of approximately $20 million in crypto for the platform. Today, we learned about another attack, adding to the damage with an additional loss of roughly $3.7 million. It’s a tough pill to swallow for those invested in UwU Lend.
The second attack was a continuation of the initial one since they still had available funds in the protocol. Approximately three days after the first event, the hacker executed a flash loan assault, taking advantage of a glitch in the system to manipulate token prices. They exchanged Ethana USDe (USDE) for other cryptocurrencies, leading to a decrease in USDE and Staked Ethana USDe (SUSDE) within the platform’s pools.
After that, they managed to obtain discounted SUSDE tokens by pledging different assets as security. The value of SUSDE surged dramatically, enabling the attacker to borrow a larger quantity of CRV tokens than permitted using this strategy. This tactic led to the draining of millions from UwU Lend.
On June 10, the users who experienced losses due to the exploit on the platform were compensated with approximately $9.7 million. A short while later, the same attacker managed to steal an additional $3.7 million from the platform. According to CertiK, this second transaction represented funds that the attacker had already acquired three days prior.
I analyzed the transactions and discovered that the obtained assets were transformed into ETH in both instances, which were then transferred to my address: 0x841dDf093f5188989fA1524e7B893de64B421f47. Notably, this address was associated with withdrawals from both exploits, indicating that the same entity was responsible for both incidents. I took advantage of a weakness in an oracle contract linked to USDE price feeds.
Image by Darwin Laganzon from Pixabay
Read More
- W PREDICTION. W cryptocurrency
- PENDLE PREDICTION. PENDLE cryptocurrency
- AAVE PREDICTION. AAVE cryptocurrency
- ZETA PREDICTION. ZETA cryptocurrency
- FutureNet Co-Founder Roman Ziemian Arrested in Montenegro Over $21M Theft
- AEVO PREDICTION. AEVO cryptocurrency
- NCT PREDICTION. NCT cryptocurrency
- USD HUF PREDICTION
- GAMMA PREDICTION. GAMMA cryptocurrency
- APFC PREDICTION. APFC cryptocurrency
2024-06-13 22:04