UwU Lend protocol was hacked for nearly $20 million on Monday, June 10, in an ongoing cryptocurrency exploit.
The $14 million exploit was first discovered by on-chain security firm Cyvers, which wrote in a June 10 X post:
“Hey @UwU_Lend, you are being attacked! So far address got around $14M…”
UwU Lend is a decentralized finance (DeFi) protocol that functions as a liquidity market, allowing users to deposit and borrow digital assets.
UwU exploit tops $20 million: Cyvers founder
In less than an hour after Cyvers’ initial alert, the unknown hacker had stolen above $20 million in the ongoing exploit.
While the team is still investigating the incident, it is shaping up as a major cryptocurrency hack with multiple assets affected, according to Meir Dolev, CTO and co-founder of Cyvers.
Dolev told Cointelegraph:
“The attack is still ongoing, but we can already see that we're talking about a major incident that has already passed the $20M threshold. We're talking about different assets (like WBTC and DAI) that are drained from the pools and being converted to ETH.”
Shortly after the attack, Cyvers revealed that the attack was funded by the crypto mixing protocol Tornado Cash and executed 3 malicious transactions, according to Dolev:
“The UWU lending contract was exploited by an attacker that executed 3 transactions in 6 minutes and drained approx. 20 million USD. The attacker was funded from Tornado Cash 2 days ago.”