UwU loan protocol amid ongoing recovery efforts for another $3.7 million embezzlement

The UwU lending protocol, which was previously targeted in a June 10 hack of nearly $20 million, is experiencing ongoing cryptocurrency exploitation that has resulted in the theft of $3.7 million so far.

The development comes as the protocol seeks to reimburse its users following the June 10 hack of $19.3 million.

Hacking $3.7 million

Syvers, an on-chain data analysis platform, was the first to warn UwU Lend about the ongoing exploit. Based on the findings, the bad actors behind this latest incident appear to be the same ones responsible for the previous $19.3 million heist.

ALERT@UwU_Lend Another security breach by the same attacker!

Total loss: $3.7MA Affected pools: uDAI, uWETH, uLUSD, uFRAX, uCRVUSD, uUSDTAll The stolen assets are converted to $ETH and available at the attacker's address.

to learn…

— CyversAlerts (@CyversAlerts) June 13, 2024

The stolen funds, collected from various asset pools including uDAI, uWETH, uLUSD, uFRAX, uCRVUSD and uUSDT, were already converted to Ethereum and transferred to the attacker's address.

Following the first breach on June 10, the development team at UwU Lend notified the community that it had implemented immediate measures to address the breach. The protocol is temporarily suspended while investigations are carried out into the vulnerabilities exploited by the hackers.

In an update released on June 12 on X, the UwU developer team stated that they had identified and resolved a specific vulnerability related to the sUSDe market legend.

(1/5)

The team has now identified unique and current exposures to the sUSDe market legend. All other markets have been re-evaluated by industry experts and auditors with no issues or concerns found.

— UwU Lend (@UwU_Lend) June 12, 2024

He added that an independent audit had been conducted on all markets without finding any further issues, assuring users that all operations would resume promptly and that no user funds were permanently lost due to the incident.

Compensatory efforts

Following the incident, UwU launched compensation efforts, telling users that “the protocol will pay all bad debts as soon as possible.” We will keep users informed of the process and next steps.

As of last update on June 13, the team has so far successfully refunded a total of $9,715,288 to affected users. The gap included certain amounts returned in various cryptocurrencies such as DAI, crvUSD, USDT and weTH.

Paid out so far:• 3,522,427$DAI• 233,819$crvUSD• 4,225,000$USDT• 481.36$wETH ($1,734,042)Total: $9,715,288

! # FundsAreUwU

— UwU Lend (@UwU_Lend) June 13, 2024

UwU Lend, a fork of the open source AAVE v2 protocol, offers its users a variety of decentralized financial services such as loans, borrowing and lending. One of its unique features includes a revenue sharing token called UwU, which allows users to directly receive a portion of the platform's revenues.