Hacker drains $19.5 million from UwU Lend in price oracle exploit
The attacker funded their wallet via the sanctioned crypto mixer Tornado Cash.
Cyvers co-founder and CTO Meir Dolev told CryptoSlate in a June 10 statement:
“The UWU lending contract was exploited by an attacker that executed three transactions in six minutes and drained approximately $20 million.”
On-chain data reveals that the attacker’s wallet moved several digital assets, including wrapped Ethereum (WETH), wrapped Bitcoin (WBTC), and stablecoins like USDC. The attacker’s address has been tagged as the UwU Lend Exploiter on Etherscan.
Web3 security firm PeckShield further corroborated the incident, adding that the root cause of the attack was a price oracle issue. It said:
“In particular, the sUSDe asset is priced as median from multiple sources. Five of them, i.e., FRAXUSDe, USDeUSDC, USDeDAI, USDecrvUSD, and GHOUSDe, were manipulated during the hack.”
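The median pricing PeckShield describes can be explored with a small simulation, added here as an illustration and not taken from UwU Lend's contracts: it shows how many distorted feeds a median absorbs, and a deviation gate that refuses an update when several feeds move at once. Only the five feed names come from the quote; the total feed counts, prices, thresholds and function names are constructed assumptions.

```python
from statistics import median

# The five feed names come from the PeckShield quote. Feed counts, prices,
# thresholds and all function names are constructed for this illustration.
MANIPULATED = ["FRAXUSDe", "USDeUSDC", "USDeDAI", "USDecrvUSD", "GHOUSDe"]

def breakdown_point(n):
    """Most feeds that can be arbitrary while a median of n feeds still
    lands inside the range spanned by the remaining honest feeds."""
    return (n - 1) // 2

def build_feeds(n_honest, honest_price=1.00, pushed_price=1.10):
    """n_honest hypothetical honest feeds plus the five named feeds,
    all pushed to the same distorted price."""
    feeds = {f"honest_{i}": honest_price + 0.001 * i for i in range(n_honest)}
    feeds.update({name: pushed_price for name in MANIPULATED})
    return feeds

def aggregate(prices):
    """Plain median over all feeds, with no sanity checks."""
    return median(prices.values())

def guarded_median(prices, last_good, max_dev=0.02, max_outliers=1):
    """Median with a gate: refuse the update when more than max_outliers
    feeds sit further than max_dev (relative) from the last accepted price."""
    outliers = sorted(name for name, p in prices.items()
                      if abs(p - last_good) / last_good > max_dev)
    if len(outliers) > max_outliers:
        return None, outliers   # caller pauses borrowing or uses a fallback
    return aggregate(prices), outliers

if __name__ == "__main__":
    for n_honest in (6, 2):
        feeds = build_feeds(n_honest)
        n = len(feeds)
        print(f"{n} feeds, tolerates {breakdown_point(n)} bad: "
              f"plain median={aggregate(feeds):.3f}, "
              f"guarded={guarded_median(feeds, last_good=1.00)[0]}")
```

With 11 feeds the five distorted ones stay within the breakdown point, yet the plain median still slides to the highest honest feed; with 7 feeds it equals the distorted price outright. The gate rejects both updates.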
Meanwhile, UwU Lend confirmed the incident and immediately paused its platform. The protocol said:
“[We are] taking all necessary steps [and] doing our best here. Stay tuned for further updates.”
TVL surge?
Despite the exploit, the total value of assets locked on the DeFi protocol UwU Lend surged by 135% in the last 24 hours.
Data from DeFiLlama shows that UwU Lend currently holds over 82,000 ETH, valued at $305 million. However, approximately $247 million of these funds are borrowed.
UwU Lend was developed by Michael Patryn — also known as Sifu or 0xSifu — the controversial founder of the defunct Quadriga CX exchange. The platform enables depositors to provide liquidity to earn passive income, while borrowers can obtain liquidity in an over-collateralized manner. Additionally, liquidity providers supply liquidity and earn revenue by staking their LP tokens.