UwU Lend Protocol Hacked for Nearly $20 Million

On Monday, June 10, the UwU Lend protocol fell victim to a significant hack, resulting in the loss of nearly $20 million in an ongoing cryptocurrency exploit.

The exploit, amounting to $14 million, was initially uncovered by the on-chain security firm Cyvers. In a post dated June 10, Cyvers issued a warning directly to UwU Lend, stating that an attack was underway and that an address had already been drained of around $14 million.

Image source: Cyvers Alerts

UwU Lend operates as a decentralized finance (DeFi) protocol, serving as a liquidity market where users can both deposit and borrow various digital assets.

UwU Exploit Exceeds $20 Million: Insights from Cyvers Founder

Following Cyvers' initial alert, the hacker managed to siphon off over $20 million within an hour, escalating the exploit's impact.

While investigations are ongoing, Meir Dolev, the CTO and co-founder of Cyvers, indicated that the incident is evolving into a substantial cryptocurrency breach affecting multiple assets. Dolev stated that various assets, such as WBTC and DAI, were drained from the pools and converted into ETH.

In a statement to Cointelegraph, Dolev remarked, "The attack is still in progress, but the severity is evident as the breach has already surpassed the $20 million mark. We are witnessing the loss of different assets from the pools, with conversions predominantly to ETH."

Shortly after the breach, Cyvers disclosed that the attack was financially supported by the crypto mixing protocol Tornado Cash, which facilitated three malicious transactions. Dolev further noted, "The attacker exploited the UwU lending contract through three rapid transactions within six minutes, resulting in an approximate $20 million drainage. The perpetrator had received funding from Tornado Cash two days prior to the attack."

This story is developing, and additional updates will be shared as new information emerges.