UwU Lend Offers $5M Bounty For Information On Attacker

As a seasoned crypto investor with several years of experience under my belt, I’m always on the lookout for promising projects and potential risks. The recent developments surrounding UwU Lend have left me both intrigued and concerned.


The creators of UwU Lend’s protocol have announced a reward of five million dollars for anyone who manages to uncover the identity of the person responsible for exploiting their system twice.

The hacker behind the UwU Lend protocol has stolen a combined $24 million over two attacks. 

UwU Lend Team Offers Bounty

As an analyst, I’ve come across some troubling news regarding DeFi lending protocol UwU Lend. Over the past three days, this platform has experienced two separate hacking incidents. The second attack occurred during the reimbursement process following the first breach, on Thursday. Prior to this, the team had granted a deadline for the hacker to return 80% of the stolen funds. Unfortunately, after this deadline elapsed, they issued an on-chain message to the perpetrator, communicating their demand.

As a financial analyst, I can tell you that the due date for returning the sum you unlawfully obtained has elapsed. A reward of five million dollars awaits anyone who successfully identifies and apprehends you.

A representative from UwU announced that a reward of $5 million in Ethereum (ETH) is ready for the person who successfully identifies the culprit behind the two recent hacks. This announcement follows the June 13th incident, during which the same hacker managed to steal funds from UwU’s uDAI, uWETH, uLUSD, uFRAX, uCRVUSD, and uUSDT pools. Cyvers, a well-known blockchain security firm, confirmed that these exploits were orchestrated by the same hacker targeting the protocol.

The First Exploit 

On June 10th, UwU Lend experienced an exploit resulting in a significant loss of approximately $19.3 million. This incident was facilitated through flash loans. Post-exploit, the UwU Lend team took immediate action to halt the protocol’s operations for user safety. They also extended an invitation to the hacker, proposing a $4 million reward – commonly known as a white hat bounty – in exchange for returning the stolen assets, which included wETH, wBTC, CRV, USDT, sUSDe, and other specified tokens.

As a security analyst at Beosin, I’ve uncovered some intriguing findings regarding recent price manipulation of the USDe token. An attacker exploited flash loans to swap USDe for other tokens, subsequently causing its price to drop along with sUSDe. Following this move, the hacker transferred some of these acquired tokens to UwU Lend and used them as collateral to lend out more sUSDe. By doing so, they artificially inflated the price of USDe. Employing a similar strategy, the attacker borrowed CRV using sUSDe as collateral and repeated the process.

Starting from Wednesday, UwU Lend’s team acknowledged discovering the cause of the security breach responsible for the exploit. They promptly addressed the issue, enabling them to resume operations and reactivate the markets. Additionally, they pledged to make good on all outstanding loans (bad debts) and assured users that their funds remained untouched throughout the incident.

The Second Attack

As an analyst, I’d rephrase that as follows: On Thursday, during the ongoing reimbursement process for UwU Lend, I observed a second attack on the protocol. The same attacker managed to siphon off an additional $3.7 million from the impacted pools – uDAI, uWETH, uLUSD, uFRAX, UCRVUSD, and uUSDT. This exploit was facilitated through a price manipulation tactic, resulting in the stolen funds being converted into ETH.

As a concerned crypto investor, I couldn’t help but feel uneasy after the latest attack on UwU Lend and the subsequent pause in operations. Questions swirled around the community about the security of our funds following this unfortunate incident. The protocol had to halt its activities once again to thoroughly investigate the exploit that led to the attack.

Read More

2024-06-15 00:13