Tuesday, January 14, 2025

UniLend Finance Loses $197.6K to a Vulnerability Exploit

UniLend Finance Loses $197.6K to a "Redeem Process" Vulnerability Exploit

UniLend Finance, a DeFi protocol, has reportedly lost funds to an attacker. As reported by SlowMist, a blockchain security firm, the attacker exploited a vulnerability in the DeFi protocol's redeem process, allowing him to steal $197.6K. The attacker manipulated the protocol's share price, which led the protocol to miscalculate the collateral value and gave him the opportunity to drain the protocol's pool.

https://twitter.com/SlowMist_Team/status/1878651772375572573

What Actually Occurred? 

In the attack, which occurred on Jan. 12, 2025, the attacker made a deposit to the platform in USDC and Lido Staked Ether (stETH). He then went ahead to borrow all of the pool's stETH, using the USDC and stETH deposited earlier as collateral.

After receiving the borrowed stETH, the attacker redeemed his deposits without repaying the borrowed tokens, thereby depleting all of the crypto from the pool. As indicated by Etherscan, the attacker sent the stolen crypto to wallet address 0x3F…dA21.
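The redeem-without-repaying failure described above can be shown with a toy share-based pool. This is an added example, not UniLend's code or SlowMist's analysis; the `Pool` and `Position` classes, the 0.8 LTV and all numbers are constructed, and it assumes the overstated collateral comes from checking health before the redeem is applied, since the page does not give the exact miscalculation.

```python
from dataclasses import dataclass

LTV = 0.8  # assumed: max debt as a fraction of collateral value


class Insolvent(Exception):
    pass


@dataclass
class Position:
    shares: float  # pool shares held as collateral
    debt: float    # borrowed value, same unit as collateral value


@dataclass
class Pool:
    assets: float        # underlying value backing all shares
    total_shares: float

    def share_price(self) -> float:
        return self.assets / self.total_shares if self.total_shares else 1.0

    def healthy(self, pos: Position) -> bool:
        return pos.shares * self.share_price() * LTV >= pos.debt

    def _burn(self, pos: Position, n: float) -> float:
        payout = n * self.share_price()
        pos.shares -= n
        self.total_shares -= n
        self.assets -= payout
        return payout

    def redeem_weak(self, pos: Position, n: float) -> float:
        # Weak: health is judged on the pre-redeem position, so the
        # collateral being withdrawn still counts toward covering the debt.
        if not self.healthy(pos):
            raise Insolvent("position unhealthy")
        return self._burn(pos, n)

    def redeem_checked(self, pos: Position, n: float) -> float:
        # Hardened: apply the change, then require the remaining collateral
        # to cover the debt; restore the snapshot and revert otherwise.
        snapshot = (pos.shares, self.total_shares, self.assets)
        payout = self._burn(pos, n)
        if pos.shares < 0 or not self.healthy(pos):
            pos.shares, self.total_shares, self.assets = snapshot
            raise Insolvent("redeem would leave debt uncovered")
        return payout


def demo() -> dict:
    results = {}
    for name in ("redeem_weak", "redeem_checked"):
        pool = Pool(assets=1000.0, total_shares=1000.0)  # constructed values
        pos = Position(shares=100.0, debt=60.0)
        try:
            getattr(pool, name)(pos, 100.0)  # try to withdraw all collateral
            results[name] = ("paid out", pool.healthy(pos))
        except Insolvent:
            results[name] = ("reverted", pool.healthy(pos))
    return results
```

The invariant to audit for in a real lending contract is the one `redeem_checked` enforces: solvency is evaluated on the state that exists after the withdrawal, and the call reverts if the remaining collateral no longer covers the debt.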

After the attack, UniLend Finance confirmed the incident on their official X page. "We've identified a security compromise affecting ~$200k (~4%) of the $4.7M TVL on UniLend Platform," the post read.

The firm has also advised users to refrain from depositing funds into UniLend V2. Additionally, UniLend has confirmed that the funds on UniLend V1 are fully safe. "UniLend V1 funds are fully SAFU," confirmed UniLend. SAFU stands for "Secure Asset Fund for Users", which are funds set aside for users in case of an extreme attack.

UniLend Offers 20% Bounty to the Attacker

UniLend Finance is committed to resolving the issue, offering a beacon of hope for the affected DeFi users. Aiming to recover the funds, the firm is offering 20% to the attacker if he's willing to return the stolen funds.

"In the spirit of fostering resolution, we're offering a 20% bounty to the responsible party for the safe return of funds," UniLend stated. "If you're willing to cooperate, please return the funds and reach out to us securely. Let's work towards an amicable solution," the firm further added.

While it's quite unlikely for crypto attackers to return stolen funds, UniLend Finance and the affected users remain hopeful that the attacker will take the 20% white hat route offered to him.

A Rise in Crypto Attacks

There has been a surge in crypto attacks recently. As covered earlier, 2024 topped the years in which crypto attacks were at their highest, with $2.2 Billion stolen from cryptocurrency platforms in the year. This marked a 21.07% surge from the previous year, 2023.

Additionally, the Chainalysis report indicated that the DeFi sector is a prime target for crypto attackers. DeFi accounted for the largest share of all lost funds in Quarter 1 of 2024. However, the attacks shifted to centralized services in Q2 and Q3 of the same year.

With the recent attack on UniLend Finance, just 12 days into the year, 2025 could be set for a trend similar to the one experienced in 2024. As we progress further into 2025, crypto platforms are urged to ensure adherence to security best practices. This will help to reduce exposure to devastating attacks and significant loss of funds.


