UwU Lend Protocol Hacked for Nearly $20 Million in Major Cryptocurrency Exploit
On Monday, June 10, the decentralized finance (DeFi) protocol UwU Lend fell victim to a significant cryptocurrency hack, resulting in losses close to $20 million. This exploit, first identified by on-chain security firm Cyvers, quickly escalated, making headlines within the crypto community.
Cyvers, an on-chain security company, sounded the alarm on June 10 through a post on X, stating:
“Hey @UwU_Lend, you are being attacked! So far, the address has secured around $14M…”
UwU Lend operates as a liquidity market within the DeFi space, allowing users to deposit and borrow digital assets. The hack, initially valued at $14 million, swiftly ballooned to over $20 million within an hour, marking a significant breach.
Meir Dolev, Chief Technology Officer and co-founder of Cyvers, described the ongoing attack to Cointelegraph:
“The attack is still ongoing, but we can already see that we’re dealing with a major incident that has already surpassed the $20 million threshold. Multiple assets, including WBTC and DAI, have been drained from the pools and converted to ETH.”
Cyvers’ investigation revealed that the attack was funded by the crypto mixing protocol Tornado Cash and involved three malicious transactions. Dolev further explained:
“The UwU lending contract was exploited through three transactions executed within six minutes, draining approximately $20 million. The attacker received funding from Tornado Cash two days prior to the attack.”
Rising Trend of Crypto Hacks in 2024
The incident at UwU Lend is part of a broader trend of increasing cryptocurrency hacks in 2024. In the first quarter alone, hackers stole digital assets valued at $542.7 million, a 42% increase compared to the same period in 2023.
The growing valuation of cryptocurrencies has attracted more malicious actors since the beginning of 2024. Mriganka Pattnaik, co-founder and CEO of crypto risk and intelligence platform Merkle Science, noted:
“While smart contract vulnerabilities remain a concern, hackers increasingly target areas outside smart contracts, such as private key leaks. These leaks, often caused by phishing attacks or insecure storage practices, have led to significant losses.”
The UwU Lend hack underscores the need for heightened security measures within the DeFi space to protect against the evolving tactics of cybercriminals.
Leave a comment