UwU Lend Faces a New $3.7 Million Hack Amid Ongoing Reimbursement Efforts

UwU Lend hit by another $3.7 million hack

In a concerning turn of events, the UwU Lend protocol, which suffered a nearly $20 million hack on June 10, is now under siege again. Onchain data analytics platform Cyvers has reported the ongoing attack, indicating that the same perpetrators from the initial breach are behind this new exploit.

The ongoing breach has siphoned off $3.5 million from various asset pools, including uDAI, uWETH, uLUSD, uFRAX, uCRVUSD, and uUSDT. These stolen assets have been converted to Ether (ETH) and are currently held in the attacker’s wallet. Etherscan has flagged this address following a report by Togbe, one of the first X users to highlight the original hack.

This recent exploit occurs just three days after the initial $20 million breach, which was triggered by price manipulation.

Cyvers’ analysis reveals that the attackers utilized a flash loan to swap USDe for other tokens, causing a decrease in the price of Ethena USDe (USDE) and Ethena Staked USDe (SUSDE). They then deposited these tokens into UwU Lend and borrowed more SUSDE than expected, pushing the USDE price higher. Additionally, the attackers deposited SUSDE into UwU Lend and borrowed more Curve DAO (CRV) than anticipated.

Through these maneuvers, the attackers successfully exfiltrated nearly $20 million in tokens.


The protocol announced on X that it had repaid all outstanding debt in the Wrapped Ether (wETH) market, covering a total of 481.36 wETH, valued at over $1.7 million. So far, UwU Lend has reimbursed more than $9.7 million in total.

In the wake of the first exploit, UwU Lend reported that it had identified and rectified the vulnerability, which was specific to the USDe market oracle. They assured users that all other markets had undergone thorough re-evaluation by industry experts and auditors, with no further issues or concerns detected.

However, crypto security firm CertiK has clarified that the current exploit is not due to the same vulnerability. Instead, it stems from the aftermath of the initial attack. CertiK explains that the attacker retained a significant number of uUSDE tokens from the first exploit.

Even with the protocol on pause, UwU Lend still regarded uUSDE as “legitimate collateral,” according to CertiK. This oversight allowed the attacker to use the remaining uUSDE tokens to drain assets from other UwU Lend pools.
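The oversight CertiK describes can be shown in a small model of a lending pool's borrow check. This Python sketch is an added example, not UwU Lend's code: the `paused` flag semantics, prices, loan-to-value figures and account names are all constructed assumptions. It compares a check that ignores the pause with one that honors it, and audits which positions still draw borrowing power from a paused market.

```python
from dataclasses import dataclass

@dataclass
class Reserve:
    symbol: str
    price_usd: int        # constructed whole-dollar price
    ltv_bps: int          # loan-to-value in basis points (constructed)
    paused: bool = False  # set by responders after an exploit

def borrowing_power(reserves, deposits, honor_pause):
    """USD value a position may borrow against its deposits."""
    total = 0
    for symbol, amount in deposits.items():
        r = reserves[symbol]
        if honor_pause and r.paused:
            continue  # hardened: tokens of a paused market back no new debt
        total += amount * r.price_usd * r.ltv_bps // 10_000
    return total

def can_borrow(reserves, deposits, debt_usd, request_usd, honor_pause):
    """Gate for NEW borrows only; existing debt is not touched here."""
    limit = borrowing_power(reserves, deposits, honor_pause)
    return debt_usd + request_usd <= limit

def audit_residual_collateral(reserves, positions):
    """List (account, USD) where borrowing power rests on paused reserves."""
    findings = []
    for account, deposits in positions.items():
        exposed = (borrowing_power(reserves, deposits, False)
                   - borrowing_power(reserves, deposits, True))
        if exposed > 0:
            findings.append((account, exposed))
    return findings

# Constructed sample state: uUSDE is paused after the first incident.
RESERVES = {
    "uUSDE": Reserve("uUSDE", 1, 8_000, paused=True),
    "uDAI": Reserve("uDAI", 1, 7_500),
}
POSITIONS = {
    "acct_A": {"uUSDE": 1_000_000},             # leftover tokens of paused market
    "acct_B": {"uDAI": 50_000, "uUSDE": 10_000},
    "acct_C": {"uDAI": 20_000},
}

if __name__ == "__main__":
    for account, usd in audit_residual_collateral(RESERVES, POSITIONS):
        print(f"{account}: ${usd:,} of borrowing power backed by paused reserves")
    print(can_borrow(RESERVES, POSITIONS["acct_A"], 0, 500_000, False))  # pause ignored
    print(can_borrow(RESERVES, POSITIONS["acct_A"], 0, 500_000, True))   # pause honored
```

Running the audit over every open position before a paused protocol resumes shows how much borrowing capacity still depends on the affected market.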
