Photo credit: flatart/Freepik

Decentralized lending protocol UwU Lend is under attack again, suffering another security breach by the same hacker that ran off with $20 million on June 10, according to several blockchain security alert platforms.

Exploit detection and security platform Cyvers was one of the first to alert the lending protocol about the attack, notifying it is “being targeted again by [the] same hacker” from the assault on June 13.

The security breach resulted in a total loss of $3.7 million, affecting six pools, including uDAI, uWETH, uLUSD, uFRAX, uCRVUSD, and uUSDT.  The on-chain data analytic platform stated the hacker had already converted all stolen assets to Ether (ETH), consolidating them in their address.

Blockchain security firms Beosin and Blocksec also notified the lending protocol and the public about the same attack.

This incident marks the second time within a week that UwU Lend has fallen victim to flash loan exploits from the same perpetrator. At the time of the first attack, Beosin said it was caused by price manipulation of oracles of sUSDe stablecoin on the platform.

The UwU Lend team has since acknowledged the vulnerability in the initial attack, stating on June 12 that it has been resolved. Before the protocol got hacked again, the team was already working on repaying “all bad debt as quickly as reasonably possible.”

So far, the lending protocol has repaid a total of $9.7 million, including assets in DAI, crvUSD, USDT, and wETH.

UwU Lend was founded by an individual known as Michael Patryn, who has also used the names Omar Dhanani and 0xSifu. Patryn was previously associated with QuadrigaCX, a cryptocurrency exchange that ceased operations following accusations of illicit activities.