Cyvers experts recently revealed a major security breach at the decentralized finance (DeFi) platform UwU Lend, estimating the potential damages to be around $19.5 million. As the situation unfolds, the UwU Lend team has yet to confirm these reports officially.
The breach came to light when Cyvers initially reported a loss of $14 million. However, within an hour of their announcement, the figure surged to $19.5 million. It appears that the hacker is actively transferring out funds and converting them into Ethereum (ETH). Meir Dolev, the co-founder of Cyvers, provided insights into the ongoing attack in a statement to Cointelegraph: "The attack is still active. We're looking at a major breach that has already exceeded the $20 million mark. The hacker is converting various assets, including WBTC and DAI, into ETH."
Supporting Cyvers' findings, Arkham Intelligence confirmed the withdrawal of assets and published the address of the alleged hacker. According to their data, the perpetrator has distributed Ethereum into different wallets, with one holding crypto assets worth $4.7 million and another $14.7 million.
Dolev mentioned that the hacker exploited a vulnerability in the credit contract of UwU Lend. However, detailed specifics about the breach remain undisclosed, and there has been no official statement from the UwU Lend team at the time of reporting.
In response to the breach, the developers of UwU Lend have temporarily suspended the protocol's operations while they conduct an investigation.
This incident is part of a larger trend in cybersecurity challenges facing the DeFi sector. A report by PeckShield on cybersecurity incidents in May 2024 indicated a 666% increase in damages compared to the previous month, highlighting the growing risks in the digital finance environment.
4