On Monday, UwU Lend was hit by a hack that resulted in $20 million in losses. Attackers exploited a vulnerability in the Price Oracle system, shocking the entire crypto community. They used a huge flash loan to manipulate the protocol’s price feed.

What happens next?

Understanding the hack

The attacker was able to launch the attack through a $3 flash loan. According to the assets of 15 billion. CertiK alerts. These assets were strategically distributed: to establish a leveraged position through recurring debt, half of them were borrowed, and the other half affected the value of the five oracles and pumped the sUSDE token.

The attacker continuously eliminated positions to accumulate uWETH tokens. They then normalized the prices and paid off the flash loans, creating about $19.3 million in assets in three transactions. So far, the hacker’s wallet has about $19.4 million.

A familiar name in the mix

Michael Petrin, also known as Michael Petrin or 0xSifu, is one of the co-founders of the now-defunct Quadriga CX, which is directly linked to the hacker. Patreon even placed a 20% reward on the stolen assets for their recovery.

“We are giving a 20% white hat bounty on any funds raised. You will have no exposure to us continuing this and law enforcement issues.”

The reward is about $4 million, provided the hacker pays back the remaining $16 million. Although such offers are common in the crypto market, hackers rarely accept them. However, there are exceptions.

UwU Debt: A weak clone

UwU Lend, a lending protocol founded in 2022 as a clone of the Aave protocol, was targeted because its prices were easy to manipulate. Exploiting this vulnerability with Flash Loans, the hacker was able to withdraw $20 million from the protocol using a loan that could have reached $4 billion.

This incident highlights the vulnerabilities within decentralized financial platforms and the need for strong security measures to prevent similar attacks in the future.

Reda also: Orbit Chain Hacked for $48 Million: Here’s What Happened



Source link