UwU Lend protocol was hacked for nearly $20 million on Monday, June 10, in an ongoing cryptocurrency exploit.
The $14 million exploit was first discovered by on-chain security firm Cyvers, which wrote in a June 10 X post:
“Hey @UwU_Lend, you are being attacked! So far address got around $14M…”
UwU Lend is a decentralized finance (DeFi) protocol that functions as a liquidity market, allowing users to deposit and borrow digital assets.
Related: Nvidia outperforms Apple by 25x, ahead of 10-to-1 stock split
UwU exploit tops $20 million — Cyvers founder
In less than an hour after Cyvers’ initial alert, the unknown hacker had stolen above $20 million in the ongoing exploit.
While the team is still investigating the incident, it is shaping up as a major cryptocurrency hack that affected multiple assets, according to Meir Dolev, chief technology officer and co-founder of Cyvers.
Dolev told Cointelegraph:
“The attack is still ongoing, but we can already see that we’re talking about a major incident that has already passed the $20 million threshold. We’re talking about different assets (like WBTC and DAI) that are drained from the pools and being converted to ETH.”
Shortly after the attack, Cyvers revealed that the attack was funded by the crypto mixing protocol Tornado Cash and executed three malicious transactions. According to Dolev:
“The UwU lending contract was exploited by an attacker that executed three transactions in six minutes and drained approximately $20 million. The attacker was funded from Tornado Cash two days ago.”
Related: Crypto hacks increase in 2024, but smart contracts not to blame
Crypto hacks in 2024 are set to surpass 2023
Crypto hackers may be on track to surpass 2023 in terms of stolen digital assets. In the first quarter of 2024, hackers stole digital assets valued at $542.7 million, a 42% increase compared to the same period in 2023.
One of the reasons behind the growing amount of stolen funds is the growing valuation of cryptocurrencies, which have been attracting more malicious actors since the beginning of 2024.
Another reason behind the growing instances of cyber exploits is attackers vying for easier targets, said Mriganka Pattnaik, co-founder and CEO of crypto risk and intelligence platform Merkle Science.
Pattnaik told Cointelegraph:
“While smart contract vulnerabilities remain a concern, hackers increasingly target areas outside smart contracts, like private key leaks. These leaks, often due to phishing attacks or insecure storage practices, have led to significant losses.”
Magazine: Caitlyn Jenner meme coin ‘mastermind’s’ celebrity price list leaked