UwU Lend Protocol Falls Victim to $20 Million Hack in Ongoing Cryptocurrency Exploit
By Hassan Shittu
Updated on: June 10, 2024 17:03 EDT
|
Reading Time: 2 minutes
In a continuing breach of security, the decentralized finance (DeFi) platform UwU Lend was hacked on Monday, resulting in a loss of nearly $20 million.
UwU Lend, a prominent decentralized finance protocol, enables users to deposit and borrow digital assets, serving as a liquidity market within the DeFi ecosystem. The breach, initially identified by on-chain security company Cyvers, has quickly escalated into a significant incident impacting various digital assets.
UwU Lend Protocol Hack: Initial Detection and Immediate Consequences
Cyvers first detected the breach, notifying UwU Lend through a post on June 10.
Within an hour, the stolen amount exceeded $20 million, leading to a substantial impact.
UwU Lend is currently dealing with the aftermath of this significant breach. The unidentified hacker successfully siphoned assets from the protocol’s pools, converting them into Ethereum (ETH).
Meir Dolev, co-founder and chief technology officer of Cyvers, provided further details on the situation in a report.
“The attack is still ongoing, but it is evident that we are facing a major incident that has surpassed the $20 million mark,” he stated. “Assets like WBTC and DAI have been drained from the pools and converted to ETH.”
Subsequent investigations revealed that the attack was facilitated by the popular crypto-mixing protocol Tornado Cash, which the hacker leveraged to carry out the exploit.
“The attacker exploited the UwU lending contract through three transactions in six minutes, draining approximately $20 million,” Dolev explained. “The attacker received funding from Tornado Cash two days ago.”
In response to the breach, the UwU team announced that the protocol had been temporarily halted for investigation less than an hour ago. Assuring users, the team stated,
Rising Trend of Crypto Hacks in 2024
As per a recent report by Immunefi, the cryptocurrency industry incurred losses of approximately $473.22 million from 108 incidents in May 2024.
Source: Immunefi May 2024 report.
This figure represents a 12% decrease from May 2023, when losses exceeded $59 million, and a 28% decrease month-over-month. The majority of losses in May 2024 were attributed to two significant projects:
Gala Games, a cryptocurrency gaming project, experienced a $21 million loss, while Sonne Finance, a decentralized lending protocol, suffered a $20 million loss.
During this period, DeFi platforms were the primary targets for exploits, with CeFi not encountering any major attacks.
Hacks were the leading cause of financial losses, amounting to $50,618,600 across 14 incidents, while fraud contributed $1,753,300 from seven events. Ethereum and BNB Chain were the most targeted blockchains, constituting 62% of the total losses.
In a similar incident last month, the DeFi lending protocol Pike Finance fell victim to a major security breach, losing $1.6 million over three days due to a smart contract vulnerability.
On April 30, an attacker exploited Pike’s Ethereum, Arbitrum, and Optimism chains, draining $1.68 million. This marked the second attack following a $300,000 exploit on April 26, both stemming from the same vulnerability that allowed the attacker to alter the output address and override the contract.
Follow Us on Google News
Subscribe to Updates
Get the latest creative news from FooBar about art, design and business.