In a dramatic turn of events, the UwU Lend protocol has put a $5 million bounty on the head of the hacker responsible for two major exploits. The team is determined to bring the attacker to justice after failing to recover stolen funds through negotiations.
On June 13, UwU Lend issued an onchain message to the hacker, stating, “Repayment deadline for the funds you stole has passed. 5 Million Dollar bounty to the first person to identify and locate you.” This message followed the hacker’s refusal to return 80% of the stolen funds by the June 12 deadline.
The $5 million bounty, payable in Ether, promises to reward anyone who can identify and locate the attacker before any funds are recovered or legal action is taken.
Blockchain security firm Cyvers revealed that the same hacker wallet address, “0x841…21f47,” executed a second exploit on June 13, siphoning $3.7 million from UwU’s various liquidity pools, including uDAI, uWETH, uLUSD, uFRAX, uCRVUSD, and uUSDT.
The initial attack on June 10 resulted in a $20.3 million loss due to a price manipulation scheme. UwU Lend had offered the hacker a deal to return 80% of the funds in exchange for keeping 20% and immunity from legal action. However, this offer was ignored, leading to the subsequent $3.7 million exploit.
Despite these setbacks, UwU Lend has already reimbursed over $9.7 million to victims of the first attack. The combined losses now total $24 million. Interestingly, the UWU Lend token (UWU) has only dropped by 20%, currently trading at $2.51, with a market cap of $22.6 billion according to CoinGecko.
A recent report by Crystal Intelligence highlights the severity of such breaches, noting that nearly $19 billion in cryptocurrencies have been stolen since the first industry hack in June 2011.
UwU Lend’s bold move to offer a substantial bounty underscores the growing challenge of securing DeFi protocols against increasingly sophisticated cyber-attacks.