UwU Lend faces second hack during $20M reimbursement process

The UwU Lend protocol, which was hacked for nearly $20 million on June 10, is under attack again in an ongoing cryptocurrency exploit.

Onchain data analytics platform Cyvers alerted the protocol to the attack, claiming the attackers were the same as the ones who  carried out the previous $20 million exploit .

The ongoing exploit has already stolen $3.5 million from different asset pools, namely uDAI, uWETH, uLUSD, uFRAX, uCRVUSD and uUSDT. All stolen assets have been converted to Ether ( ETH ) and are located at the attacker’s address:  0x841dDf093f5188989fA1524e7B893de64B421f47 .

First exploit was caused by price manipulation

The latest exploit for the lending protocol occurred within three days of the $20 million exploit, and UwU started the reimbursement process earlier today, just hours before the second exploit. 

The first UwU Lend exploit was caused by price manipulation. The attacker first used a flash loan to swap USDe for other tokens, which led to a lower price of Ethena USDe (USDE) and Ethena Staked USDe (SUSDE). The attacker then deposited the tokens to UwU Lend and lent more SUSDE than expected, driving the USDE price higher.

Similarly, the attacker deposited SUSDE to UwU Lend and borrowed more Curve DAO (CRV) than expected. Ultimately, the attackers stole nearly $20 million in tokens through price manipulation. The exploiter then converted all the stolen funds into ETH.

Related: Crypto hacks increase in 2024, but smart contracts not to blame

UwU was in the process of reimbursing previous hack victims

The lend protocol was in the process of reimbursing hack victims and took to X to announce that it had repaid all bad debt for the Wrapped Ether (wETH) market, amounting to 481.36 wETH worth over $1.7 million. In total, the protocol reimbursed over $9.7 million.

UwU claimed that they had identified the vulnerability responsible for the exploit and claimed it was unique to the USDe market oracle.

The protocol noted that the vulnerability has been resolved, and all other markets have been "re-reviewed by industry professionals and auditors with no issues or concerns found."

Crypto security firm CertiK told Cointelegraph that the ongoing exploit is not the same vulnerability but is a consequence of having been exploited on June 10. CertiK explained that the attacker gained a number of uUSDE tokens from the first exploit, which they were still holding.

Although the protocol was paused, “the UwULend protocol still considered uUSDE as legitimate collateral, which allowed the attackers to exploit the remaining uUSDE and drain the remaining pools of the UwULend protocol,” CertiK said.

Magazine: Caitlyn Jenner meme coin ‘mastermind’s’ celebrity price list leaked