Background
Recently, the UwU Lend platform has suffered two large-scale hacker attacks in succession. The first attack occurred on Monday, causing a loss of about $19.3 million (about 130 million RMB). A few days later on Thursday, the platform was attacked again, with a loss of about $3.7 million (about 25.9 million RMB). Experts suspect that these two incidents may have been caused by the same attacker.
Hackers took advantage of the manipulation loopholes of the price oracle to manipulate the price of sUSDe through flash loan operations, repeatedly pledged and liquidated, and eventually stole a large amount of funds. As the guardian of blockchain security, BitJungle conducted a detailed analysis of this incident through the Zhong Kui traceability system, revealing the hacker's methods and capital flows behind it.
Hacker attack methods revealed
The hackers successfully carried out the attack using the following steps:
Flash loan operations
Flash loans are a special form of lending that allows users to borrow a large amount of money in one transaction as long as they are repaid in the same transaction. The hacker first used flash loans to borrow a large amount of money from the UwU Lend platform. This operation does not require collateral, but the repayment must be completed in the same transaction, which means that borrowing and repayment must be completed within a short period of time.
Price Oracle Manipulation
Price oracles are tools used in blockchain systems to provide external data (such as price information). Hackers discovered and exploited a vulnerability in the oracle of the UwU Lend platform, causing abnormal price fluctuations in sUSDe. By manipulating the oracle, hackers artificially raised or lowered the price of sUSDe, thereby affecting the value of assets on the platform.
Profit from staking and liquidation
Staking means that users use crypto assets as collateral to obtain loans or other benefits. Liquidation is when the value of the collateral falls below a certain threshold and the platform forces the collateral to be sold to repay the loan. Hackers repeatedly perform staking and liquidation operations during periods of abnormal price fluctuations. The specific steps are as follows:
When the price was artificially manipulated to an abnormally high level, the hacker pledged sUSDe to obtain more loans.
Subsequently, the oracle loophole was exploited to drive down the price, causing the pledged assets to be liquidated by the platform.
During the liquidation process, hackers repurchased assets at low prices and made huge profits through a series of complex operations.
Zhong Kui traceability system reveals where hacker funds flow
BitJungle’s Zhong Kui traceability system shows the flow of hacker funds and accurately tracks stolen assets.
Hacker address 0x841ddf093f5188989fa1524e7b893de64b421f47
Initial funding source: Tornado.cash 1ETH (address: 0x47...2936), transferred funds are $3.44K. Tornado.cash is a privacy protection tool, often used to obfuscate the source of funds and increase the difficulty of tracking.
Main capital flow paths
After successfully stealing the funds, the hacker quickly converted the funds into ETH and transferred them to two main addresses:
Address 1: 0x48d7c1dd4214b41eda3301bca434348f8d1c5eb6, balance is 1282ETH, capital inflow: $3.44K (1 transaction). This address is used as a temporary storage location for funds.
Address 2: 0x050c7e9c62bf991841827f37745ddadb563feb70, balance 4010ETH, capital inflow: $13.96M (5 transactions). A large amount of funds were transferred to this address and temporarily stayed there.
BitJungle will pay close attention to such security incidents. If necessary, please contact BitJungle, the official Twitter @bitjungle_team or the official email address bitjungle@163.com.
Analysis and Conclusion
Through the in-depth analysis of the Zhong Kui traceability system, we can better understand these complex attack methods and provide valuable references for future preventive measures. Here, we remind all cryptocurrency investors and project parties to strengthen the security audit of smart contracts and oracle mechanisms to prevent similar attacks from happening. The Zhong Kui traceability system will continue to provide you with the latest and most comprehensive blockchain security analysis.
We hope that UwU Lend can cooperate with BitJungle to use our professional technology and traceability system to help recover stolen assets and reduce losses.
ABOUT BIT JUNGLE
BitJungle is a blockchain security company dedicated to providing security products and services such as digital asset security protection, security incident investigation, and recovery of stolen digital assets. Its services include digital asset traceability (Zhong Kui system), security incident investigation, smart contract auditing, security assessment, anti-money laundering risk control, etc.
BitJungle has rich experience in security research and advanced data analysis and data mining tools. It has cooperated with the police to crack many major security theft cases in the blockchain industry, with the amount involved in a single case exceeding hundreds of millions of US dollars. With its senior professional experience, BitJungle has been widely recognized and supported by the police in many places and the blockchain industry.
The company's service clients are mainly distributed in China, Hong Kong, Canada, the United States, Singapore, Japan and other countries and regions. The company currently has offices in Hong Kong, Shenzhen, Shanghai and Qingdao.
Scan the QR code below to follow us and get more blockchain information. If you need to investigate security incidents, recover stolen digital assets, or conduct security audits, you can contact us in the following ways:
Official email address contact@bitjungle.io
Official Twitter @bitjungle_team
Official website https://www.bitjungle.cn/
Security incident investigation
Restore the truth of the incident|Find the suspect|Recover the stolen digital assets
90% crime solving rate (crime committed by the team) 65% crime solving rate (crime committed by hackers in the team)
$150M+ amount of digital assets recovered
No. 1 in the industry, with a market share of over 60% in major cases
Solved many transnational cases
Assisted the police in arresting more than 30 suspects
Zhong Kui traceability system
Millions of address tags | Graph visualization | Real-time tracking of digital assets
Supports all on-chain tokens such as ETH, TRX, BSC, etc.
Real-time monitoring of blockchain transactions
Millions of address labels
Asset Chain Map
Assisting the police in freezing digital assets
