UwU Lend, a crypto lending protocol, was exploited twice within three days, with the attacker taking about $23.7 million in total. The first attack came on June 10 and cost the platform $20 million in crypto. Today’s attack resulted in an additional loss of around $3.7 million.

The second exploit was an extension of the first: the attacker still had funds left on the protocol, which they withdrew less than three days after the first incident. Essentially, the attacker conducted a flash loan exploit that took advantage of a bug in the platform to manipulate asset prices. They swapped Ethena USDe (USDE) for other tokens, which lowered the prices of USDE and Staked Ethena USDe (SUSDE) in the platform’s pools.

Then they extracted SUSDE tokens at a discount by depositing other assets as collateral and borrowing SUSDE against them. In this process, SUSDE’s price increased rapidly, and the attacker took advantage of this by depositing the borrowed SUSDE to borrow more Curve DAO (CRV) tokens than should have been possible. This method was used to drain millions in funds from UwU Lend.

Earlier today, the platform had reimbursed about $9.7 million to users who suffered losses in the June 10 exploit. A few hours after the reimbursements, the attacker returned to siphon away $3.7 million from the platform. CertiK, the blockchain cybersecurity platform, stated that the attacker was withdrawing funds they had already gained access to three days ago.

On both occasions, the attacker converted the assets obtained from the lending platform to ETH and sent the funds to their address: 0x841dDf093f5188989fA1524e7B893de64B421f47. The address was linked to withdrawals from both exploits, indicating that the same actor was behind both incidents. They capitalized on a vulnerability in an oracle contract linked to the USDE price feeds.
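
A defensive check against the kind of pool-price manipulation described above, as an added example that is not UwU Lend's code: the lending side values assets at a time-weighted reference price and refuses to price at all when the pool's spot price has moved too far from it. The constant-product pool, the 2% tolerance, and every name and number here are assumptions constructed for illustration.

```python
from dataclasses import dataclass

MAX_DEVIATION = 0.02  # assumed tolerance between spot and reference price


@dataclass
class Pool:
    """Constant-product pool (x * y = k); a simplifying assumption."""
    usde: float
    other: float

    def spot_price(self) -> float:
        # Price of 1 USDe in units of the other token.
        return self.other / self.usde

    def sell_usde(self, amount: float) -> float:
        # Swap USDe in, other token out, keeping x * y constant.
        k = self.usde * self.other
        self.usde += amount
        out = self.other - k / self.usde
        self.other -= out
        return out


class PriceDeviation(Exception):
    """Raised when spot and reference prices disagree beyond tolerance."""


def time_weighted_price(observations):
    # observations: list of (seconds_held, price) pairs from past blocks.
    total = sum(seconds for seconds, _ in observations)
    return sum(seconds * price for seconds, price in observations) / total


def guarded_price(pool, observations, max_dev=MAX_DEVIATION):
    # Value at the slow-moving reference; halt if the spot price disagrees.
    ref = time_weighted_price(observations)
    spot = pool.spot_price()
    if abs(spot - ref) / ref > max_dev:
        raise PriceDeviation(f"spot {spot:.4f} vs reference {ref:.4f}")
    return ref


def demo():
    pool = Pool(usde=10_000_000.0, other=10_000_000.0)   # constructed
    history = [(600, 1.0), (600, 1.001), (600, 0.999)]   # constructed
    before = guarded_price(pool, history)
    pool.sell_usde(5_000_000.0)  # one large single-block swap
    try:
        guarded_price(pool, history)
        rejected = False
    except PriceDeviation:
        rejected = True
    return before, pool.spot_price(), rejected
```

A feed that read `spot_price()` directly would report roughly 0.44 after the swap, while the guarded path raises instead of lending against that figure.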

