- UwU Lend has been targeted in a second exploit, losing $3.5 million across various asset pools just days after a previous $20 million hack.
- The attackers, identified as the same individuals from the prior incident, converted the stolen assets into Ether, accumulating them in a known address.
- Despite efforts to secure the platform after the first exploit, vulnerabilities in handling previously exploited tokens facilitated the latest breach.
The cryptocurrency lending platform UwU Lend is enduring a continued onslaught from cybercriminals, who have launched a second attack within days of a previous $20 million exploit. The latest breach has already resulted in the theft of $3.5 million from various asset pools. Cyvers, an onchain data analytics firm, first alerted UwU Lend of the renewed attack, noting that the same perpetrators were involved.
Mechanics of the Exploits
The initial attack leveraged a price manipulation scheme involving flash loans and swaps that artificially depressed and then inflated prices of specific tokens, enabling the attackers to borrow and steal large quantities. Crypto analytic firm CertiK explained that while the vulnerability exploited on June 10 had been addressed, the attackers retained a number of sUSDE tokens from that exploit. Despite the protocol being paused, these tokens were still recognized as legitimate collateral by UwU Lend, allowing the attackers to further drain the protocol’s pools.
Response and Reimbursement Efforts
Prior to the second attack, UwU Lend had begun reimbursing users affected by the first exploit, announcing the repayment of all bad debt in the Wrapped Ether (wETH) market, totaling over $1.7 million or 481.36 wETH. In total, more than $9.7 million had been reimbursed.
The lend protocol had identified and claimed to have resolved the vulnerability linked to the USDe market oracle following the first exploit. They assured that all other markets had been re-evaluated by industry professionals and auditors, who found no further issues.
Looking Forward
As UwU Lend grapples with these security challenges, the broader crypto community continues to face questions about the robustness of smart contracts and the platforms that utilize them. The recurring nature of the attacks on UwU Lend underscores the complexity and ongoing risks associated with securing decentralized finance (DeFi) platforms against sophisticated cyber threats.
