UwU Lend DeFi Hack Incident: A Detailed BreakdownA significant hack has struck UwU Lend, a DeFi lending platform, leading to financial losses estimated at around $19.5 million. Web3 security firm Cyvers identified the breach. ALERTOur system has detected a series of suspicious transactions involving @UwU_Lend!Attacker has executed 3 transactions and was able to get around $19.5M. But hack is still ongoing! Amount might increase. Right now attacker is swapping stolen digital assets to $ETH.… https://t.co/8cAB2NWwKV pic.twitter.com/V2RrqYagD2— Cyvers Alerts (@CyversAlerts) June 10, 2024 The hacker executed three transactions within six minutes, draining approximately $20 million. Funds for the attack were sourced from Tornado Cash two days before the incident. Flash loans were used to manipulate asset prices on DeFi apps, particularly targeting five stablecoin pairs to affect the sUSDe price feed or 'oracle'. The stolen funds, including USDC, FRAX, crvUSD, and blUSD, were converted to ETH and consolidated into a new address holding over 4000 ETH, worth around $15 million, via Uniswap. Among those impacted was Michael Egorov, founder of Curve Finance, who saw a 5% drop in CRV's price post-hack before a recovery. This breach highlights ongoing vulnerabilities within the DeFi sector. Up to May 2024, the industry has suffered $473.22 million in losses from 108 incidents, with $52.37 million lost in 21 incidents in May alone. UwU Lend, created by Michael Patryn (aka 0xSifu) of the infamous QuadrigaCX collapse, has paused its protocol and announced on X an investigation into the exploit, with plans to refund affected users. Michael Patryn’s history with DeFi projects under the 'Frog Nation' umbrella, including Wonderland, Magic Internet Money, and Abracadabra (hacked for $6.5 million earlier this year), coupled with his past at QuadrigaCX, casts a long shadow over the current incident. The protocol was paused a little under an hour ago while the team investigates the situation. Please rest assured that we were made aware of the situation immediately and are taking all necessary steps, doing our best here. Stay tuned for further updates.— UwU Lend (@UwU_Lend) June 10, 2024 The incident underscores the need for improved security protocols and real-time monitoring in DeFi platforms. Proactive communication from DeFi entities is essential for maintaining user trust during crises. The UwU Lend attack is part of a broader trend of increasing cyber threats targeting the DeFi sector, including a $19.5 million hack on Lykke exchange and a $5 million breach of Ethereum L2 Loopring's smart wallet 2FA system. ConclusionThe $19.5 million UwU Lend hack amplifies DeFi's persistent vulnerabilities, highlighting the urgency for robust security protocols, real-time monitoring, and transparent crisis communication from platforms, as cybercriminals continue exploiting lucrative DeFi services. FAQs1. What was the amount stolen in the UwU Lend hack?Approximately $19.5 million worth of cryptocurrencies, including USDC, FRAX, crvUSD, and blUSD, were stolen. The stolen funds were eventually converted to over 4000 ETH worth around $15 million.2. How was the hack executed?The hacker utilized flash loans to manipulate asset prices on DeFi apps, particularly targeting five stablecoin pairs to affect the sUSDe price feed or 'oracle'. This allowed the draining of funds from UwU Lend's protocol.3. Who was behind the UwU Lend protocol?UwU Lend was created by Michael Patryn (aka 0xSifu), who was previously involved in the infamous QuadrigaCX collapse. Patryn has been associated with several DeFi projects under the 'Frog Nation' umbrella, some of which have also been hacked.4. What steps were taken by UwU Lend after the hack?UwU Lend paused its protocol and announced an investigation into the exploit on X (formerly Twitter). They also stated plans to refund affected users.This article has been refined and enhanced by ChatGPT.