The UwU Lend protocol, previously targeted in a hack of nearly $20 million on June 10, is facing an ongoing cryptocurrency exploit that has so far resulted in the theft of $3.7 million.
This development comes as the protocol has made efforts to refund its users following the June 10 $19.3 million hack.
$3.7 million hack
Cyvers, an on-chain data analytics platform, was the first to alert UwU Lend to the ongoing exploit. According to their findings, the bad actors behind this latest incident appear to be the same as those responsible for the previous theft of $19.3 million.
ALERT@UwU_Lend suffered another security breach by the same attacker!
Total loss: $3.7 million
Groups affected: uDAI, uWETH, uLUSD, uFRAX, uCRVUSD, uUSDT
All stolen property has been converted to $ETH and are located at the attacker’s address: https://t.co/9TvwLh18P1
To learn… https://t.co/AjcMS1Cdyl
— Cyvers Alerts (@CyversAlerts) June 13, 2024
The stolen funds, from various asset pools including uDAI, uWETH, uLUSD, uFRAX, uCRVUSD and uUSDT, have already been converted to Ethereum and transferred to the attacker’s address.
Following the initial breach on June 10, the UwU Lend development team notified the community that they had implemented immediate measures to mitigate the damage. The protocol was temporarily halted while investigations were carried out into the vulnerabilities exploited by the hackers.
In an update shared on June 12 via a thread on X, the UwU development team revealed that it had identified the specific vulnerability related to the sUSDe market oracle and claimed to have fixed it.
(1/5)
The team has now identified the vulnerability, which was unique to the sUSDe market oracle and has now been . All other markets have been reviewed again by industry professionals and auditors with no issues or concerns found.
— UwU Lend (@UwU_Lend) June 12, 2024
They added that independent audits of all other marketplaces had been conducted without uncovering additional issues, assuring users that all features would resume quickly, and emphasized that no user funds had been lost during the incident.
Reimbursement Efforts
Following the incident, UwU initiated repayment efforts, informing users that “The protocol will pay all bad debts as soon as possible. We will keep users updated on progress and next steps.”
In a final update on June 13, the team reported that they had successfully refunded a total of $9,715,288 to affected users so far. The breakdown included specific amounts returned in various cryptocurrencies such as DAI, crvUSD, USDT and wETH.
Reimbursed so far:
• 3,522,427 $DAI
• 233,819 $crvUSD
• 4,225,000 $USDT
• 481.36 $wETH ($1,734,042)
Total: $9,715,288
— UwU Lend (@UwU_Lend) June 13, 2024
UwU Lend, a fork of the open-source AAVE v2 protocol, offers its users various decentralized financial services, including loans, borrowings, and equity. One of its unique features includes a revenue sharing token called UwU, which allows users to directly earn a share of the platform’s revenue.
SPECIAL OFFER (Sponsored) Binance Free $600 (Exclusive to CryptoPotato): Use this link to register a new account and receive an exclusive welcome offer of $600 to Binance (full details).
2024 LIMITED OFFER on BYDFi Exchange – Up to $2888 Welcome Reward, Use this link to register and open a 100 USDT-M position for free!
Bitcoin 
Ethereum 
Tether 
XRP 
Solana 
BNB 
Dogecoin 
USDC 
Cardano 
Lido Staked Ether 
TRON 
Avalanche 
Chainlink 
Shiba Inu 
Wrapped stETH 
Toncoin 
Polkadot 
Sui 
Wrapped Bitcoin 
Stellar 
Hedera 
Uniswap 
Bitcoin Cash 
WETH 
Pepe 
Litecoin 
LEO Token 
NEAR Protocol 
Wrapped eETH 
Aptos 
Internet Computer 
Hyperliquid 
Ethena USDe 
Aave 
POL (ex-MATIC) 
Ethereum Classic 
USDS 
Cronos 
Render 
VeChain 
Artificial Superintelligence Alliance 
Bitget Token 
Bittensor 
Mantle 
Arbitrum 
Kaspa 
Filecoin 
MANTRA 
Algorand 
Monero