n June 10th, UWU Lend was exploited for the first time through a flash loan maneuver that drained $20 million from the protocol. The attacker manipulated the price of a stablecoin called USDe to borrow more than expected against it as collateral. Once identified, the team paused the platform and assured users that their funds were safe. They offered a $4 million bounty for the return of stolen assets and asked the hacker to send back 80% by June 12th.
Second Exploit Steals Another $3.7 Million
Just as reimbursements to victims were beginning, the same attacker struck again on June 13th. This time, about $3.7 million was drained from pools holding DAI, WETH, LUSD, FRAX, CRV, and USDT. The exploit occurred in a similar manner by using inflated collateral from the first hack. With no response from the hacker, UWU Lend paused operations once more to investigate the second vulnerability.
$5 Million Bounty Announced
Frustrated that the hacker did not return any funds by the June 12th deadline, UWU Lend published an on-chain message offering a $5 million Ethereum bounty. This sizable reward aims to incentivize anyone with information leading to the identification and location of the exploiter. However, without further cooperation from the individual, repaying all victims totaling over $23 million stolen may remain an ongoing challenge.Β
Moving forward, improved price oracle mechanisms and other security enhancements will be important for UWU Lend to restore user trust. But the immediate priority is still catching the perpetrator behind these flash loan attacks. Only time will tell if the large bounty accomplishes this goal, or if the saga will continue with more twists.
