Analysis of UwU Lend's $20 Million Flash Loan Hack and Recovery Efforts
UwU Lend was a victim of a $20 million loss due to hackers leveraging price oracle manipulation. The incident, unfolding on Monday, stunned the crypto community as the attacker exploited a significant flash loan to manipulate the protocol's price feed.
Insight into the Cyber Intrusion
The attacker initiated the breach through a massive flash loan worth $3.15 billion in assets, as reported by CertiK alerts. The assets were strategically partitioned to establish a leveraged position through recursive debt. Half of the assets were used for this purpose, while the rest influenced the values of five oracles, inflating the sUSDE token value.
Through a series of liquidations, the hacker acquired additional uWETH tokens and then normalized the prices, repaying the flash loan. In the process, the attacker made off with approximately $19.3 million worth of assets through three transactions, with the hacker's wallet currently holding $19.4 million.
Offer from Michael Patryn
Michael Patryn, also known as Michael Patryn or 0xSifu, a co-founder of the now-defunct Quadriga CX, engaged directly with the hacker. Patryn pledged a 20% reward of the stolen assets for their recovery. His message on Ethereum stated, "We are providing a 20% white hat bounty on any misappropriated funds, with no liabilities in pursuing or legal aspects." The monetary incentive equates to about $4 million for the hacker if they surrender the remaining $16 million in crypto-coins. While such offers are prevalent in the crypto domain, hackers often disregard them.
Created in 2022 as a mirror of the Aave lending protocol, UwU Lend succumbed to the hack due to the vulnerability of simplistic price oracles. Exploiting a flash loan, the hacker drained $20 million from the protocol, potentially accessing a loan amount of up to $4 billion.
To delve deeper into this incident, explore the Orbit Chain Hack for $48 Million for additional insights into a significant cyber breach.
