The exploited hits once more, siphoning off $3.5 million from the lending protocol just as it reimburses victims of a previous hack.
Decentralized finance (DeFi) platform UwU Lend has suffered a significant breach, losing 1,064 ETH, valued at approximately $3.7 million.
According to Lookonchain data, the attack was notably carried out by the same hacker who previously exploited the platform. The breach has raised concerns about the quality of security measures deployed by the DeFi platform.
The previous UwU Lend exploit was a result of price manipulation. The attacker used a flash loan to exchange USDe for other tokens, causing the price of Ethena USDe (USDE) and Ethena Staked USDe (SUSDE) to drop. They then deposited these tokens into UwU Lend and borrowed more SUSDE than anticipated, increasing the USDE price.
Furthermore, the attacker deposited SUSDE into UwU Lend and borrowed more Curve DAO (CRV) tokens than anticipated. Ultimately, they stole nearly $20 million in tokens through price manipulation. The exploiter then converted all the stolen funds into ETH.
The Same Attacker Strikes
Despite UwU Lend’s effort to patch vulnerabilities exposed in the initial attack, after attacking the platform three times in two days, losing a total of 4,907 ETH, worth approximately $17.1 million.
Etherscan noted that the platform lost 5,971 ETH, which is valued at roughly $20.9 million in the exploits combined.
The recent news of the security breach has impacted the UwU Lend community. Users have expressed concerns over the reoccurring security failures. The platform’s native token (UWU) experienced a significant drop following the announcement.
UwU Lend claimed it had identified the vulnerability that led to the exploit, stating that the issue was specific to the USDe market oracle.
The protocol noted that the vulnerability had been fixed and reviewed by industry professionals and auditors, and no issues were detected.
The Lend protocol announced on the X platform that it had completed reimbursing all bad debt in the Wrapped Ether (wETH) market, totaling 481.36 wETH, valued at over $1.7 million. The protocol has reimbursed more than $9.7 million to hack victims.
Exploit Victims
Meanwhile, UwU Lend is not the only firm that has been exploited. On April 20, 204, Decentralized finance and on-chain token vesting platform Hedgey Finance was hacked of approximately $44.7 million in cryptocurrencies after malicious actors exploited security bugs in its token contracts on two blockchains. Also, DeFi protocol Deus Finance lost roughly $6.3 million in bug exploit.
