A major cryptocurrency hack shook the DeFi world recently as UwU Lend, a decentralized finance protocol serving as a liquidity market, lost nearly $20 million in digital assets. The breach, first unveiled by the on-chain security firm Cyvers, happened on Monday, June 10, with the unknown hacker making away with a mounting sum passing the $20 million mark within an hour.
Cyvers co-founder and CTO, Meir Dolev, outlined the seriousness of the exploit, explaining that multiple assets such as WBTC and DAI were drained from the pools before being converted to ETH. He also added, “The attack is still ongoing, and we’re talking about a major incident that has already surpassed the $20 million threshold.”
The incident’s scale widened as further investigations found that the attacker was funded by the crypto mixing protocol Tornado Cash and had executed three malicious transactions. “The UwU lending contract was exploited by an attacker that executed three transactions in six minutes and drained approximately $20 million,” said Dolev. The funding for the attack came from Tornado Cash two days prior.
This alarming attack has prompted a significant conversation about the mounting instances of cryptocurrency hacks. In Q1 of 2024 alone, digital assets amounting to $542.7 million were stolen – a 42% increase compared to the same period in 2023. Experts suggest that the increase in attacks stems from both the growing valuation of cryptocurrencies, attracting more malicious actors, and the increasing targeting of easier vulnerabilities such as private key leaks.
“The growing value of cryptocurrencies has been attracting more malicious actors since the start of 2024,” commented Mriganka Pattnaik, co-founder and CEO of crypto risk and intelligence platform Merkle Science. He added that hackers are increasingly exploiting areas outside smart contracts like private key leaks, leading to significant losses.