TL;DR
- UwU Lend, a DeFi protocol founded by former Frog Nation CFO, Sifu, fell victim to a cyberattack. Resulting in a loss of $19.4 million.
- Hackers manipulated the protocol’s oracle to swiftly execute several transactions in just six minutes.
- In response to the attack. The protocol halted its operations and is negotiating with the hacker to protect users and their funds.
UwU Lend, a decentralized finance (DeFi) protocol, finds itself in the eye of the storm after being targeted in a sophisticated cyberattack resulting in a loss of $19.4 million. Founded by former Frog Nation CFO, Sifu. It serves as a platform for users to engage in lending and borrowing digital assets.
The attack, orchestrated through manipulation of the protocol’s oracle. Unfolded rapidly as the perpetrators executed a series of transactions in just six minutes. Cyvers, an on-chain security firm, was quick to detect the exploit and sound the alarm, alerting the community via social media.
Yesterday UwU Lend was the target of an exploit involving a sophisticated attack. The team reacted swiftly and the protocol was paused within minutes. Rates for borrows and deposits have been set to 0% so users’ positions will not be affected by this pause.
— UwU Lend (@UwU_Lend) June 11, 2024
Hackers managed to convert stolen Wrapped Bitcoin (WBTC) and Dai (DAI) into Ether (ETH) after acquiring funds from Tornado Cash, a cryptocurrency mixer. Peckshield, an auditing firm, identified that the root cause of the problem was an issue with the price oracle involving the sUSDe asset, which hackers exploited by manipulating five different sources.
UwU Lend Initiates Negotiations with Hacker
In response to the attack, UwU Lend took swift action, halting its protocol operations to prevent further losses. Borrowing and deposit rates were set at 0% to protect users’ positions, while the team initiated negotiations with the hacker. Michael Patryn, also known as 0xSifu and founder of the protocol, extended an offer to the perpetrator, proposing the return of a portion of the stolen funds in exchange for immunity from legal repercussions.
However, the incident has had severe repercussions for UwU Lend. With an estimated total loss of approximately $23 million in various digital assets. Despite the setback, the protocol assures its users that the majority of deposited assets were not affected by the breach.
This attack is particularly significant. Hackers are capitalizing on the increasing valuation of cryptocurrencies to exploit vulnerabilities within DeFi protocols. The incident serves as a stark reminder of the importance of implementing robust security measures and proactive risk management strategies to protect users and their assets.
For now, negotiations with the hacker are ongoing. The community awaits the outcome of this episode. With users of the protocol hoping that their funds have not been compromised.
