Hacker removed $19 million worth of assets from the UwU Lend protocol

[Tomcat]

On June 10, Arkham Intelligence analysts warned about a possible hacking of the UwU Lend DeFi liquidity protocol. Preliminary damage was estimated at $19.3 million.

ALERT: Possible exploit on Uwulend

$19.3M removed so far.

Address:https://t.co/mDU0WTbE7S pic.twitter.com/Bx7cLbkrqE
— Arkham (@ArkhamIntel) June 10, 2024

https://twitter.com/x/status/1800143513016750135

According to researchers at Cyvers Alerts, the hacker withdrew funds in three transactions and has already started converting assets to ETH.

ALERT Our system has detected a series of suspicious transactions involving @UwU_Lend!

Attacker has executed 3 transactions and was able to get around $19.5M. But hack is still ongoing! Amount might increase. Right now attacker is swapping stolen digital assets to $ETH.… https://t.co/8cAB2NWwKV pic.twitter.com/V2RrqYagD2
— Cyvers Alerts (@CyversAlerts) June 10, 2024

https://twitter.com/x/status/1800142992973463783

Two days before the incident, he interacted with a Tornado Cash mixer to fund the hack. At the same time, the Cyvers analysis system detected the deployment of a malicious contract before moving funds.

Representatives of UwU Lend responded to the warnings about two hours after the attack began and announced the suspension of the protocol.

The protocol was paused a little under an hour ago while the team investigates the situation. Please rest assured that we were made aware of the situation immediately and are taking all necessary steps, doing our best here. Stay tuned for further updates.
— UwU Lend (@UwU_Lend) June 10, 2024

https://twitter.com/x/status/1800159455767843009

"Rest assured, we are immediately informed of the situation and we are taking all necessary measures and efforts. Stay tuned for further updates," the publication says.

According to journalist Colin Wu, UwU Lend was launched by the co-founder of the closed QuadrigaCX crypto exchange, Michael Patrin, known under the pseudonym 0xSifu.

The project is a fork of Aave and supports lending in the algorithmic stablecoin MIM.

 

[Tomcat]

On June 13, DeFi-the UwU Lend liquidity protocol was hacked for the second time in a week by the same hacker. This was reported by SlowMist specialists.

SlowMist Security Alert

We have detected that @UwU_Lend has suffered another loss of $3.72M.https://t.co/ttLSq0m18u

As always, stay vigilant! pic.twitter.com/6tz2e5NDwx
— SlowMist (@SlowMist_Team) June 13, 2024

https://twitter.com/x/status/1801161421138600443

The amount of damage amounted to $3.72 million in various assets. At the time of writing, the stolen funds are in the attacker's wallet after being converted to Ethereum.

ALERTHey @UwU_Lend, you are being targeted again by same hacker!

Look at this trx: https://t.co/RstdittKpK

More info will follow!

Want to keep your company off our alerts radar? Learn how to secure your assets: Book a Demo https://t.co/uUbFkFTp4h#CyversAlert pic.twitter.com/mMMTByHNkK
— Cyvers Alerts (@CyversAlerts) June 13, 2024

https://twitter.com/x/status/1801160124033093748

The creator of UwU Lend is the co-founder of the closed QuadrigaCX crypto exchange, Michael Patrin, known under the pseudonym 0xSifu. Neither he nor the protocol team has yet commented on the new incident.

 

[Tomcat]

The UwU Lend DeFi protocol team offered $5 million to identify the attacker.

"The refund period for the stolen funds has expired. A $5 million reward for the first person to identify and discover you," the on-chain message reads.

The developers promised to pay the funds in Ethereum before returning the stolen assets and initiating a case against the hacker.

The native token of the UWU protocol after the attacks sank by 18% — from $3.1 to $2.5, according to CoinGecko.