DeFi
Michael Patryn, aka 0xSifu, offers 20% bounty to settle $20 million UwU hack – DL News
- The UwU Lend lending protocol was hacked on Monday for $20 million.
- The attacker exploited UwU pricing information using a massive “flash loan”.
- The protocol’s founder offered the hacker a 20% bounty to drop any potential charges.
A hacker used a massive “flash loan” to drain $20 million from UwU Lend, the crypto lending protocol founded by Michael Patryn, an internet entrepreneur who operated QuadrigaCX, a Canadian crypto exchange that collapsed in 2018 due to fraud.
At UwU, Patryn, better known by his pseudonym 0xSifu, offered the hacker a deal: return approximately $16 million in crypto and we’ll drop all potential charges.
“We are offering a 20% bonus on all funds raised,” Patryn wrote in a statement. message sent to Ethereum. “There is no risk of us pursuing this approach and no risk of enforcement issues.”
This ploy is standard operating procedure in the crypto space, where identifying hackers and recovering stolen tokens is a time-consuming ordeal. But it’s often ignored by hackers, with a few notable exceptions.
Launched in 2022, UwU loan is a clone of the Aave lending protocol, which as of Monday was the second-largest decentralized finance protocol with over $20 billion in user deposits.
But one key change allowed the hacker to drain the protocol in a series of transactions early Monday, according to crypto security firm Blocksec: the use of easily manipulated price “oracles” that provide the UwU with the price of various tokens.
Along with a multibillion-dollar flash loan — possibly as much as $4 billion, according to Matthew Jiang, director of security services at Blocksec — the hacker managed to siphon about $20 million from the UwU .
“The attacker lent a huge amount of assets,” Jiang said. DL News. “He almost borrowed all the assets on the chain that can be flash loaned.”
Join the community to receive our latest stories and updates
On X, UwU developers said they had suspended the protocol while they investigated the hack. UwU did not return immediately DL News‘request for comment Monday.
Flash loans
Flash loans allow unsecured borrowing that must be repaid in the same transaction on the blockchain. Traders leverage these loans for arbitrage trading.
But bad actors can also use flash loans to siphon liquidity from DeFi protocols. Loans provide the capital needed to take advantage of vulnerabilities in a protocol’s code.
Last year, Ethereum lending protocol Euler Finance initially lost $197 million in a flash loan attack, although the hacker later income 85% of crypto stolen.
Other recent exploits related to flash loans include the Sonne Finance hack for $20 million last month and the Hedgey hack for $44 million in April.
In the first five months of the year, pirates stole a estimated $560 million from DeFi protocols – an increase of 32% compared to the same period of the previous year, according to data from DefiLlama.
Patryne was co-founder of QuadrigaCX, which collapsed due to fraud committed by co-founder Gary Cotten, according to the Ontario Securities Exchange.
The stock market crashed two years after Patryn left it. Patryn later became – under his pseudonym 0xSifu – the head of treasury at Wonderland, a popular DeFi protocol. This protocol’s token crashed in January 2022 after Patryn’s identity was discovered. revealed.
Aleks Gilbert is a DeFi correspondent at DL News. Do you have any advice? Send him an email to aleks@dlnews.com.