UwU Lend Offers $5M Bounty in Ether to Identify Attacker After Second Exploit

cryptonews.com:

UwU Lend, a decentralized finance (DeFi) protocol, has announced a $5 million bounty in Ether (ETH) for anyone who can identify and locate the attacker responsible for its recent exploits.

The bounty was announced on June 13 in an on-chain message after the hacker failed to return the stolen funds by the negotiated deadline of June 12, 5:00 pm UTC.

Notably, UwU Lend had initially requested the attacker return 80% of the stolen funds from the first attack by the deadline. Despite these efforts, the attacker launched another exploit on June 13, stealing more from UwU Lend’s pools.

UwU Lend has suffered two significant exploits, resulting in a total theft of $24 million. The most recent attack, on June 13, saw the hacker steal $3.7 million from UwU’s uDAI, uWETH, uLUSD, uFRAX, uCRVUSD, and uUSDT pools.

This followed a previous attack on June 10, where $20.3 million was drained through a price manipulation exploit. Following the first attack, UwU Lend had requested the hacker return 80% of the stolen funds, promising no legal action if the request was honored.

However, the hacker did not respond and proceeded with a second exploit on June 13, stealing an additional $3.7 million. Blockchain security firm Cyvers identified that the same hacker executed both attacks using the wallet address “0x841…21f47.”

In response to the second attack, UwU Lend issued an on-chain message to the hacker:

“Repayment deadline for the funds you stole has passed. $5 million bounty to the first person to identify and locate you.”

UwU further claimed that the $5 million bounty would be in Ether and would be paid out before any funds are recovered or charges are laid. Despite these attacks, UwU Lend has reimbursed victims from the first exploit, with over