Hacker Extracts $19 Million from UwU Lend Protocol

On June 10, analysts at Arkham Intelligence warned of a potential breach of the DeFi liquidity protocol UwU Lend. The preliminary damage was estimated at $19.3 million. 

ALERT: Possible exploit on Uwulend??

$19.3M removed so far.

Address:https://t.co/mDU0WTbE7S pic.twitter.com/Bx7cLbkrqE

— Arkham (@ArkhamIntel) June 10, 2024

According to researchers at Cyvers Alerts, the hacker withdrew the funds through three transactions and has already begun converting the assets into ETH. 

?ALERT?Our system has detected a series of suspicious transactions involving @UwU_Lend!

Attacker has executed 3 transactions and was able to get around $19.5M. But hack is still ongoing! Amount might increase. Right now attacker is swapping stolen digital assets to $ETH.… https://t.co/8cAB2NWwKV pic.twitter.com/V2RrqYagD2

— ? Cyvers Alerts ? (@CyversAlerts) June 10, 2024

Two days before the incident, the hacker interacted with the Tornado Cash mixer to fund the breach. Cyvers’ analysis system detected the deployment of a malicious contract before the funds were moved.

Representatives of UwU Lend responded to the warnings approximately two hours after the attack began and announced the suspension of the protocol. 

The protocol was paused a little under an hour ago while the team investigates the situation. Please rest assured that we were made aware of the situation immediately and are taking all necessary steps, doing our best here. Stay tuned for further updates.

— UwU Lend (@UwU_Lend) June 10, 2024

“Please rest assured that we were made aware of the situation immediately and are taking all necessary steps, doing our best here. Stay tuned for further updates,” the statement reads. 

According to journalist Colin Wu, UwU Lend was launched by Michael Patryn, co-founder of the defunct cryptocurrency exchange QuadrigaCX, known under the pseudonym 0xSifu. 

The project is a fork of Aave and supports lending in the algorithmic stablecoin MIM.

Earlier this summer, the decentralized exchange Velocore was attacked. A hacker withdrew approximately $6.8 million in Ethereum from pools in the L2 networks Linea and zkSyncEra.

In May, the Japanese cryptocurrency exchange DMM Bitcoin lost $305 million in a hack. The platform intends to seek financial support to compensate users.