The creators of the UwU Lend protocol have announced a reward of $5 million for anyone who can identify the attacker responsible for a recent exploit on the platform.
In a message sent on June 13, UwU warned the hacker that the deadline for returning the stolen funds had passed and offered the substantial bounty for their identification. The hacker failed to transfer 80% of the stolen funds by the requested deadline of June 12 at 5:00 pm UTC.
The $5 million bounty, to be paid out in Ether (ETH), will be given to the person who identifies the hacker first, before any funds are recovered or charges are pressed.
The same hacker executed a second exploit on the UwU protocol, stealing $3.7 million from various pools including uDAI, uWETH, uLUSD, uFRAX, uCRVUSD, and uUSDT on June 13. Cybersecurity firm Cyvers confirmed that both hacks were carried out using the same wallet address “0x841…21f47.”
The initial exploit saw $20.3 million taken in a price manipulation attack on June 10. UwU then requested that the hacker return 80% of the funds, promising not to pursue legal action and allowing them to keep the remaining 20%.
Despite the promise, the hacker did not respond and proceeded to carry out the second exploit just before UwU announced the $5 million bounty.
As UwU started reimbursing victims from the initial exploit, the second attack occurred, resulting in further losses. However, over $9.7 million has already been repaid to victims, according to a post on UwU Lend X.
Despite the combined losses of $24 million, the UWU token has only dropped by 20% to $2.51 over the past week, according to data from CoinGecko. The token now has a market cap of $22.6 billion.
Since the first reported industry hack in June 2011, nearly $19 billion in cryptocurrencies have been stolen, as per a recent report by Crystal Intelligence.
In a volatile market, experts recommend taking steps to protect your crypto assets.