UwU Lend, a decentralized finance (DeFi) protocol that functions as a liquidity market allowing users to deposit and borrow digital assets, was hacked today, with attackers stealing nearly $20 million in digital assets.
The exploit was first discovered by the on-chain security firm Cyvers, which reported a $14 million breach in a June 10 post. Within an hour, the total stolen assets exceeded $20 million.
The protocol, established by Quadriga CX co-founder Michael Patryn, who is also known as Sifu, is currently conducting a thorough investigation.
Attack Funded by Tornado Cash
According to Cqsuyvers’ co-founder and CTO Meir Dolev, the attack was funded through Tornado Cash, a crypto-mixing protocol. The exploit involved multiple assets being drained from UwU Lend’s pools and converted to ETH. The hacker executed three transactions in six minutes, leading to significant losses. The attack remains under investigation.
In the first quarter of 2024, hackers stole $542.7 million in digital assets, 42% more than in the previous year’s first quarter. This trend implies that this year’s total value of digital asset theft may surpass that in 2023.
Mriganka Pattnaik, the co-founder and CEO of Merkle Science, suggested that hackers increasingly target areas outside smart contracts. “While smart contract vulnerabilities remain a concern, hackers increasingly target areas outside smart contracts, like private key leaks.” He said, adding that these leaks have led to significant losses.
Also Read: Orbit Chain Hacker Moves $47.7 Million to Tornado Cash
