Michael Patryn, aka 0xSifu, offers 20% bounty to settle $20m UwU hack

Michael Patryn, aka 0xSifu, offers 20% bounty to settle $20m UwU hack
A hacker exploited UwU Lend for $20 million on Monday. Credit: Andrés Tapia
  • Lending protocol UwU Lend was hacked for $20 million on Monday.
  • The attacker exploited UwU’s price feed using a massive ‘flash loan.’
  • The protocol’s founder offered the hacker a 20% bounty to drop any potential charges.

A hacker used a massive “flash loan” to drain $20 million from UwU Lend, the crypto lending protocol founded by Michael Patryn, an internet entrepreneur who operated QuadrigaCX, a Canadian crypto exchange that collapsed in 2018 because of fraud.

At UwU, Patryn, who is better known by his pseudonym 0xSifu, has offered the hacker a deal: Return about $16 million in crypto and we’ll drop any potential charges.

“We are offering a 20% white hat bounty of any funds taken,” Patryn wrote in a message sent on Ethereum. “You will face no risk of us pursuing this further and no risk of law enforcement issues.”

The ploy is standard operating procedure in crypto, where identifying hackers and retrieving stolen tokens is a time-consuming ordeal. But it’s often ignored by hackers, with a few notable exceptions.

Launched in 2022, UwU Lend is a clone of lending protocol Aave, which was the second-largest protocol in decentralised finance as of Monday with more than $20 billion in user deposits.

But a key change allowed the hacker to drain the protocol in a series of transactions early Monday, according to crypto security firm Blocksec: the use of easily manipulated price “oracles,” which provide UwU with the price of various tokens.

Along with a multibillion-dollar flash loan — perhaps as large as $4 billion, according to Matthew Jiang, director of security services at Blocksec — the hacker was able to syphon about $20 million from UwU.

“The attacker flash loaned a huge amount of assets,” Jiang told DL News. “He almost borrowed all the assets on the chain that can be flash loaned.”

Join the community to get our latest stories and updates

On X, UwU developers said they had paused the protocol while they investigate the hack. UwU didn’t immediately return DL News’ request for comment on Monday.

Flash loans

Flash loans allow zero-collateral borrowing that must be repaid within the same transaction on the blockchain. Traders leverage these loans for arbitrage trading.

But malicious actors can also use flash loans to syphon liquidity from DeFi protocols. The loans provide the capital needed to take advantage of vulnerabilities within a protocol’s code.

Last year, Ethereum lending protocol Euler Finance initially lost $197 million in a flash loan attack, although the hacker later returned 85% of the stolen crypto.

Other recent flash loan exploits include last month’s $20 million hack of Sonne Finance and the $44 million hack of Hedgey in April.

In the first five months of the year, hackers stole an estimated $560 million from DeFi protocols — a 32% increase from the same period a year prior, according to DefiLlama data.

Patryn was a co-founder of QuadrigaCX, which collapsed because of fraud committed by co-founder Gary Cotten, according to the Ontario Securities Exchange.

The exchange collapsed two years after Patryn had left it. Patryn later became — under his 0xSifu pseudonym – the treasury manager for Wonderland, a popular DeFi protocol. That protocol’s token crashed in January 2022 after Patryn’s identity was revealed.

Aleks Gilbert is a DeFi Correspondent at DL News. Got a tip? Email him at aleks@dlnews.com.