Sifu’s UwU Lend reportedly hacked for $20M, Curve’s Egorov among affected
UwU Lend, created by notorious fraudster Michael Patryn (a.k.a. 0xSifu), has been hacked for almost $20 million, according to an alert by blockchain security firm Cyvers.
An initial post on X (formerly Twitter) drew attention to $14 million worth of losses before Cyvers identified further losses, totaling $19.5 million worth of crypto assets.
The attack transactions show the use of ‘flash loans,’ which can be used to manipulate asset prices on decentralized finance (DeFi) apps. Audit firm PeckShield noted that, in this case, five stablecoin pairs were targeted in order to influence the sUSDe price feed, or ‘oracle.’
UwU Lend is a ‘fork’ of DeFi’s premier lending protocol Aave, specifically its v2 codebase. In November, Aave alerted the community to a bug found in the v2 code which was later remediated by disabling stable borrow rates.
The protocol was paused shortly after the attack, according to the official UwU Lend X account.
Stolen funds include USDC, FRAX, crvUSD and bLUSD. These were converted to ETH before being consolidated in a new address which currently holds over 4000 ETH ($15 million). The hacker was funded two days ago via the sanctioned crypto mixing service Tornado Cash.
Among the users affected by the hack was Curve Finance founder Michael Egorov. UwU Lend is one of several platforms he uses to borrow stablecoins against his own CRV holdings. The price of CRV has dropped around 5% since the hack, according to data from CoinMarketCap.
Patryn was revealed to be behind the pseudonym 0xSifu by on-chain detective ZachXBT in February of 2022. Previously, he had co-founded the Canadian crypto exchange QuadrigaCX, which lost nine figures of user funds in 2019.
Since then, Patryn had worked alongside Daniele Sestagalli, building a DeFi empire known as ‘Frog Nation.’ The projects included Magic Internet Money, Wonderland, and Abracadabra, which was itself hacked for $6.5 million earlier this year.
Over the past week, Ethereum L2 Loopring reported a compromise of its ‘smart wallet’ 2FA system, landing a hacker $5 million worth of ETH, and crypto exchange Lykke was reportedly hacked for $19.5 million of BTC and ETH.