Over $11 million has been stolen by a hacker from OKX user account; UwU Lend hit by another $3.7 million hack
More than 11 million US dollars were stolen by a hacker from an OKX user's account, including the main and sub-accounts. The funds disappeared in just 25 minutes, probably because the browser session was stolen. In a worrying development, the UwU Lend protocol is now facing a repeat attack.
Over $11 million USD has been stolen by a hacker from OKX exchange user account, including main and sub-accounts. Funds vanished in just 25 minutes, probably browser session is stolen.
UwU Lend hit by another $3.7 million hack
In a troubling development, the UwU Lend protocol, which fell victim to a nearly $20 million hack on June 10, is now facing another ongoing exploit. Onchain data analytics platform Cyvers has alerted the protocol to the attack, asserting that the same attackers responsible for the previous exploit are behind this latest incident.
The ongoing exploit has already drained $3.5 million from several asset pools, including uDAI, uWETH, uLUSD, uFRAX, uCRVUSD, and uUSDT. The stolen assets have been converted to Ether (ETH) and are currently held at the attacker’s address. Etherscan has tagged the address in question accordingly based on a report by Togbe, one of the first X users to bring attention to the initial hack.
This latest attack comes just three days after the initial $20 million exploit, which was caused by price manipulation.
According to the analysis from Cyvers, the attackers used a flash loan to swap USDe for other tokens, leading to a lower price of Ethena USDe (USDE) and Ethena Staked USDe (SUSDE). They then deposited the tokens to UwU Lend and lent more SUSDE than expected, driving the USDE price higher. The attackers also deposited SUSDE to UwU Lend and borrowed more Curve DAO (CRV) than anticipated.
