UwU Lend, a cryptocurrency lending platform, faced a double attack within a short span of three days, resulting in a total loss of $23.7 million. The initial attack occurred on June 10, where the attacker managed to steal $20 million in crypto from the platform. The second attack, which took place recently, led to an additional loss of approximately $3.7 million.
This latest exploit was essentially a continuation of the first attack, with the attacker exploiting remaining funds on the platform that were not affected in the initial breach. By using a flash loan exploit, the attacker was able to manipulate asset prices by taking advantage of a bug in the platform. This involved swapping Ethena USDe (USDE) for other tokens, causing a decrease in the value of USDE and Staked Ethena USDe (SUSDE) on the platform’s pools.
Subsequently, the attacker proceeded to acquire SUSDE tokens at a reduced price by using other assets as collateral to borrow them. This led to a rapid increase in the price of SUSDE, allowing the attacker to deposit the borrowed SUSDE in order to borrow an excessive amount of CURVE DAO (CRV) tokens. Through this method, the attacker drained millions of dollars from UwU Lend.
Following the initial attack on June 10, UwU Lend had just compensated its users for their losses, amounting to approximately $9.7 million, before being targeted again by the attacker who took an additional $3.7 million from the platform. According to CertiK, a blockchain cybersecurity platform, the attacker exploited a vulnerability in an oracle contract associated with the USDE price feeds.
In both instances, the attacker converted the stolen assets into Ethereum (ETH) and transferred the funds to a specific address – 0x841dDf093f5188989fA1524e7B893de64B421f47. This address was identified as the source of withdrawals from both attacks, indicating that the same individual was responsible for both incidents. The attacker’s ability to exploit weaknesses in the platform’s security measures highlights the ongoing challenges faced by cryptocurrency platforms in safeguarding users’ funds.
It is crucial for cryptocurrency platforms to continuously enhance their security protocols and conduct thorough audits to identify and address potential vulnerabilities. The recent attacks on UwU Lend underscore the importance of implementing robust security measures to protect against malicious actors seeking to exploit weaknesses in the system. Users should also exercise caution and conduct due diligence before engaging with cryptocurrency platforms to mitigate the risks associated with such attacks.