UniLend Finance, a DeFi protocol, has reportedly misplaced funds to an attacker. As reported by SlowMist, a Blockchain safety agency, the attacker exploited a vulnerability on the DeFi protocol’s redeem course of, permitting him to steal $197.6K. The attacker manipulated the protocol’s share worth, resulting in miscalculation of the collateral worth by the protocol permitting him an opportunity to empty the protocol’s pool.
https://twitter.com/SlowMist_Team/standing/1878651772375572573
What Actually Occurred?
Within the assault that occurred on Jan. 12, 2025, the attacker made a deposit to the platform in USDC and Lido Staked Ether (StETH). He then went forward to borrow all of the pool’s StETH utilizing the USDC and StETH deposited earlier as collateral.
After receiving the borrowed StETH, the attacker redeemed his deposits with out repaying the borrowed tokens, therefore depleting all of the crypto from the pool. As indicated by Etherscan, the attacker despatched the stolen crypto to pockets handle 0x3F…dA21.
After the assault, UniLend Finance has confirmed the incident on their official X web page. “We’ve recognized a safety compromise affecting ~$200k (~4%) of the $4.7M TVL on UniLend Platform,” the post learn.
The agency has additionally suggested customers to chorus depositing funds into UniLend V2. Moreover, UniLend has confirmed that the funds on UniLend V1 are fully secure. “UniLend V1 funds are fully SAFU,” confirmed UniLend. SAFU stands for “Safe Asset Fund for Customers” that are funds put aside for customers in case of an excessive assault.
UniLend Gives 20% Bounty to the Attacker
UniLend Finance is dedicated to resolve the difficulty providing a beacon of hope for the affected DeFi customers. Aiming to get well the funds, the agency is providing 20% to the attacker if he’s keen to return the stolen funds.
“Within the spirit of fostering decision, we’re providing a 20% bounty to the accountable celebration for the secure return of funds.” UniLend stated. “In case you’re keen to cooperate, please return the funds and attain out to us securely. Let’s work in direction of an amicable resolution,” the agency additional added.
Whereas it’s fairly unlikely for crypto attackers to return stolen funds, UniLend Finance and the affected customers stay hopeful that the attacker will take the 20% white hat route supplied to him.
A Rise in Crypto Assaults
There was a current surge in crypto assaults just lately. As covered earlier, 2024 topped the years wherein crypto assaults have been at their highest, with $2.2 Billion stolen from cryptocurrency platforms within the 12 months. This marked a 21.07% surge from the previous 12 months, 2023.
Moreover, the Chainalysis report indicated that the DeFi sector is a main goal for crypto attackers. DeFi accounted for the biggest share of all misplaced funds in Quarter 1 of 2024. Nevertheless, the assaults shifted to centralized providers in Q2 and Q3 of the identical 12 months.
With the current assault on UniLend Finance, simply 12 days into the 12 months, 2025 could possibly be set for the same development skilled in 2024. As we progress additional into 2025, crypto platforms are urged to make sure adherence with safety greatest practices. This may assist to cut back publicity to devastating assaults and vital lack of funds.
