Blockchain InformationUwU Lend Suffers Two Hacks in Three Days, Total Losses Reach $24 Million
On June 10, the decentralized lending protocol UwU Lend suffered a hack, resulting in a loss of nearly $19.3 million. On-chain data shows that the hacker's wallet successfully stole a range of tokens, including Wrapped Ether (WETH), Wrapped Bitcoin (WBTC), and stablecoins, most of which were then traded on Uniswap.
UwU Lend is a project forked from the open-source code of the Ethereum-based lending protocol AAVE v2. It allows users to lend and borrow digital assets, participate in investment strategies, and manage assets in a non-custodial manner. According to the documentation on its website, the platform prioritizes security, using forked and audited code from AAVE v2 to minimize smart contract risks. However, this recent breach has exposed vulnerabilities in the protocol's security measures.
Web3 security firm PeckShield stated that the root cause of the attack was an issue with the price oracle, specifically that the pricing of the sUSDe asset came from a median of multiple sources. Five of these sources—FRAXUSDe, USDeUSDC, USDeDAI, USDecrvUSD, and GHOUSDe—were manipulated during the attack.
In the first breach, the attacker used flash loans to manipulate the price of Ethena USDe (USDe) by exchanging it for other tokens, causing the price of USDe and Ethena Staked USDe (SUSDe) to drop. The attacker then deposited these tokens into UwU Lend, allowing them to borrow more SUSDe than usual, thereby inflating the price of USDe. The attacker also deposited SUSDe into UwU Lend and borrowed more Curve DAO (CRV) than typically possible. Through these strategies, nearly $20 million worth of tokens were stolen and subsequently converted into Ether (ETH).
In response to the initial default event, UwU Lend began compensating affected users. They announced on X that they had cleared all bad debt in the Wrapped Ether (wETH) market, totaling 481.36 wETH (over $1.7 million), and repaid more than $9.7 million in total.
Cryptocurrency security firm CertiK revealed that the ongoing attacks were not due to the same vulnerability but were a result of the initial attack.
Disclaimer:
The views in this article only represent the author's personal views, and do not constitute investment advice on this platform. This platform does not guarantee the accuracy, completeness and timeliness of the information in the article, and will not be liable for any loss caused by the use of or reliance on the information in the article.
相关推荐
- BlockDAG’s Seattle Deals Beat KAS $0.20 Forecast & Pi’s Price Surge
- Hegic Shutdown Raises Insider Trading Suspicions, Potentially Earning $17 Million via Whiteheart
- Linea: DeFi Voyage Wave 7 Partner Project Rubydex Encounters Frontend Vulnerability, Caution Advised
- Bloomberg Analyst: Four Issuers Meet with SEC in Recent Days Regarding Spot Bitcoin ETFs
- XRP Breaks Consolidation, Eyes Next Key Targets
- Delphi Digital Report: IRD Could Become One of the Hot Narratives in 2024
- Bloomberg Analyst: Four Issuers Meet with SEC in Recent Days Regarding Spot Bitcoin ETFs
- Venom Foundation Announces Dissolution and Withdrawal from ADGM