The crypto lending platform UwU Lend has suffered one other hack, simply because it was recovering from a previous $20 million exploit on June 10.
The protocol was alerted to the brand new assault by the Web3 safety agency Cyvers, which indicated that the identical perpetrators have been accountable for each incidents.
Cyvers reported that the most recent breach has resulted within the theft of $3.7 million from numerous asset swimming pools, together with uDAI, uWETH, uLUSD, uFRAX, uCRVUSD, and uUSDT.
Do you know?
Wish to get smarter & wealthier with crypto?
Subscribe – We publish new crypto explainer movies each week!
Within the first breach, the attacker manipulated costs by utilizing a flash mortgage to change Ethena USDe (USDe) for different tokens, inflicting a drop within the costs of USDe and Ethena Staked USDe (SUSDe). The attacker then deposited these tokens into UwU Lend, enabling them to borrow extra SUSDe than common, growing the worth of USDe.
The exploiter additionally deposited SUSDe into UwU Lend and borrowed extra Curve DAO (CRV) than usually attainable. Via these methods, practically $20 million value of tokens have been stolen, all of which have been transformed into Ether (ETH).
In response to the preliminary breach, UwU Lend started reimbursing affected customers. They introduced on X that that they had cleared all unhealthy debt within the Wrapped Ether (wETH) market, amounting to 481.36 wETH (over $1.7 million), and had reimbursed a complete of over $9.7 million.
UwU Lend acknowledged that they had recognized and resolved the vulnerability that facilitated the primary exploit. Moreover, they reported that different markets had been totally reviewed by business consultants and auditors, with no additional points discovered.
Nevertheless, crypto safety agency CertiK clarified that the most recent assault didn’t stem from the identical vulnerability; as a substitute, it was a consequence of the preliminary exploit. Regardless of the protocol being paused, UwU Lend’s continued recognition of uUSDE as legitimate collateral allowed the attackers, who nonetheless held a major variety of uUSDE tokens, to take advantage of these tokens and drain the remaining swimming pools.
This second breach highlights the challenges in securing decentralized finance platforms, emphasizing the necessity for strict measures to guard person property.
In different information, hackers just lately used a Google Chrome plugin designed to entry browser cookies and stole over $1 million from a Binance person.
Having accomplished a Grasp’s diploma in Economics, Politics, and Cultures of the East Asia area, Aaron has written scientific papers analyzing the variations between Western and Collective types of capitalism within the post-World Struggle II period.With near a decade of expertise within the FinTech business, Aaron understands all the greatest points and struggles that crypto fanatics face. He’s a passionate analyst who is worried with data-driven and fact-based content material, in addition to that which speaks to each Web3 natives and business newcomers.Aaron is the go-to individual for every little thing and something associated to digital currencies. With an enormous ardour for blockchain & Web3 schooling, Aaron strives to remodel the house as we all know it, and make it extra approachable to finish newcomers.Aaron has been quoted by a number of established shops, and is a printed writer himself. Even throughout his free time, he enjoys researching the market traits, and on the lookout for the subsequent supernova.
