Decentralized finance protocol UwU Lend has suffered another exploit from the same attacker, costing it $3.7 million worth of stolen funds.
UwU Lend, an Ethereum-based lending and liquidity protocol, has apparently suffered another hack from the same attacker, who exploited the protocol two days ago for nearly $20 million.
🚨ALERT🚨@UwU_Lend has suffered another security breach by the same attacker!
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) June 13, 2024
Total loss: $3.7M
Affected pools: uDAI, uWETH, uLUSD, uFRAX, uCRVUSD, uUSDT
All stolen assets have been converted to $ETH and are located at the attacker's address: https://t.co/9TvwLh18P1
To learn… https://t.co/AjcMS1Cdyl
According to data from Cyvers Alerts, the hacker drained $3.7 million in liquidity from pools including uDAI, uWETH, uLUSD, uFRAX, uCRVUSD, and uUSDT. All stolen assets have been converted to ETH and are currently held at the attacker’s address, the firm added.
As noted by an X user under the alias @CryptoEvgen, the hacker used funds “stolen during the first hack for this new attack.” The cause of the latest incident remains unclear, and UwU Lend has yet to make a public statement on the matter.
The latest incident comes just two days after UwU Lend lost $20 million worth of crypto, what the protocol described as a “sophisticated attack.” As crypto.news reported, the attacker seemingly utilized Curve LlamaLend as the “exit liquidity” for the attack.
UwU Lend was founded by Michael Patryn, also known as Omar Dhanani or “0xSifu,” who is a co-founder of the ill-fated QuadrigaCX exchange. Based on the open-source AAVE v2 code, UwU Lend offers lending, borrowing, and staking services, and shares platform revenues with users through its native token, UwU.