Decentralized lending protocol UwU Lend has unveiled a $5 million bounty to “identify and locate” the exploiter.
Developers of UwU Lend are promising to pay up to $5 million “to the first person to identify and locate” a hacker, who exploited the protocol for over $23 million worth of crypto. The bounty was announced shortly after the attacker missed the deadline set by the UwU Lend team, who expected the return of 80% of the stolen funds in exchange for a 20% reward.
As crypto investigator @CryptoEvgen noted in their X account, the hacker started funneling the stolen assets via Tornado Cash, a mixing service sanctioned by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) for facilitating approximately $7 billion in crypto laundering since 2019.
As of press time, it’s understood that the hacker has already laundered at least 500 ETH, valued at approximately $1.7 million at current market prices.
UwU Lend, which leverages the open-source AAVE v2 code, suffered two separate attacks from the same hacker in less than three days, executing what appears to be flash loan attacks that compromised multiple liquidity pools.
Founded by Michael Patryn, also known as Omar Dhanani or “0xSifu” — a co-founder of the now-defunct QuadrigaCX exchange — UwU Lend provides lending, borrowing, and staking services while distributing platform revenues through its native token, UwU.
