Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Reproducible Foundry test fork from SunWeb3Sec/DeFiHackLabs. Clone the repo, run forge test against the file path above, and replay the exploit against a mainnet fork at the historical block. Use for reproduction only — not for live targets.
On June 10, 2024, according to the security monitoring system MistEye by SlowMist, the digital asset lending platform UwU Lend on the EVM chain was attacked, resulting in a loss of approximately $19.3 million. The attacker manipulated the price oracle by making large exchanges in the CurveFinance pool, affecting the price of the sUSDE token, and used the manipulated price to arbitrage other assets from the pool. Attack method (per SlowMist): Contract Vulnerability. Reported loss: $ 19,300,000.
- chain
- —
- protocol
- UwU Lend
- bug_class
- oracle
- date_occurred
- 2024-06-10
- loss_usd
- $19,300,000
- source_id
- sm:uwu-lend::2024-06-10