
Sifu’s Uwu Lend hacked again by same attacker, loses $3.7M

cryptopolitan.com, 13 June 2024 10:24 UTC

Uwu Lend, a DeFi protocol founded by convicted fraudster Michael Patryn, a.k.a. “Sifu”, was hacked again on Thursday for $3.7 million, according to the blockchain security firm Cyvers. The breach comes just three days after the same attacker plundered the protocol for $19.4 million, the firm said.

Cyvers did not say exactly how the exploit happened. However, the initial attack on June 10 involved the use of ‘flash loans’, a type of loan that allows decentralized finance (DeFi) users to borrow crypto without collateral. Flash loans can also be manipulated. In the Monday incident, the Uwu Lend hacker targeted five stablecoin pairs to manipulate the price feed of sUSDe and stole nearly $20 million in USDC, FRAX, crvUSD and bLUSD.

Uwu Lend has not committed to refunding users a second time

In the latest breach, Cyvers reports that the hacker made off with a total of $3.7 million in the stablecoins DAI, USDT, FRAX, crvUSD, LUSD and wrapped Ether. Like the first time, the stolen funds were converted to Ethereum (ETH) and transferred to the attacker’s wallet address.

🚨ALERT🚨@UwU_Lend has suffered another security breach by the same attacker!

Total loss: $3.7M
Affected pools: uDAI, uWETH, uLUSD, uFRAX, uCRVUSD, uUSDT
All stolen assets have been converted to $ETH and are located at the attacker's address: https://t.co/9TvwLh18P1

To learn… https://t.co/AjcMS1Cdyl

— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) June 13, 2024

As of writing, Uwu Lend has not commented on the Thursday exploit. Previously, the protocol said it would reimburse people “up to 80% of their original deposited amount.” The company later said it had “identified the vulnerability” that led to the initial breach and resolved the issue.

Uwu Lend eventually reactivated its lending pools, which were paused in the wake of the $19.4 million heist. Cyvers revealed that the attacker hit them again 24 hours later. The protocol is derived from the leading lending protocol Aave, specifically its so-called v2 codebase, and allows users to borrow, lend and stake a variety of crypto assets.

Uwu Lend was created by Michael Patryn, co-founder of the Canadian crypto exchange Quadriga CX, which lost $124 million of user funds in 2019. Sifu was booted out as treasurer of DeFi protocol Wonderland in February 2022 after he was doxxed as Patryn. He was not accused of any wrongdoing. Sifu is also a former convict who did time for bank fraud in the U.S.


Cryptopolitan reporting by Jeffrey Gogo