The UwU Lend protocol, which was hacked for nearly $20 million on June 10, is under attack again in an ongoing cryptocurrency exploit.
Onchain data analytics platform Cyvers alerted the protocol to the attack, claiming the attackers were the same as the ones who carried out the previous $20 million exploit.
The ongoing exploit has already stolen $3.5 million from different asset pools, namely uDAI, uWETH, uLUSD, uFRAX, uCRVUSD and uUSDT. All stolen assets have been converted to Ether (ETH) and are located at the attacker’s address: 0x841dDf093f5188989fA1524e7B893de64B421f47.
First exploit was caused by price manipulation
The latest exploit for the lending protocol occurred within three days of the $20 million exploit, and UwU started the reimbursement process earlier today, just hours before the second exploit.
The first UwU Lend exploit was caused by price manipulation. The attacker first used a flash loan to swap USDe for other tokens, which led to a lower price of Ethena USDe (USDE) and Ethena Staked USDe (SUSDE). The attacker then deposited the tokens to UwU Lend and lent more SUSDE than expected, driving the USDE price higher.
Similarly, the attacker deposited SUSDE to UwU Lend and borrowed more Curve DAO (CRV) tokens than expected. Ultimately, the attackers stole nearly $20 million in tokens through price manipulation. The exploiter then converted all the stolen funds into ETH.
Related: Crypto hacks increase in 2024, but smart contracts not to blame
UwU was in the process of reimbursing previous hack victims
The lend protocol was in the process of reimbursing hack victims and took to X to announce that it had repaid all bad debt for the Wrapped Ether (wETH) market, amounting to 481.36 wETH worth over $1.7 million. In total, the protocol reimbursed over $9.7 million.
UwU claimed that it had identified the vulnerability responsible for the exploit, which it said was unique to the USDe market oracle.
The protocol claimed the vulnerability had been resolved and that all other markets had been “re-reviewed by industry professionals and auditors with no issues or concerns found.”
Crypto security firm CertiK told Cointelegraph that the ongoing exploit is not the same vulnerability but is a consequence of having been exploited on June 10. CertiK explained that the attacker gained a number of sUSDE tokens from the first exploit, which they were still holding.
Although the protocol was paused, “the UwULend protocol still considered sUSDE as legitimate collateral, which allowed the attackers to exploit the remaining sUSDE and drain the remaining pools of the UwULend protocol,” CertiK said.
Magazine: Caitlyn Jenner meme coin ‘mastermind’s’ celebrity price list leaked