Shocking! UwU Lend protocol was hacked twice, $24 million was stolen! The team offered a $5 million reward to catch the hacker. Can we negotiate with the hacker to recover the funds?

UwU Lend hackers stole a total of $24 million from the protocol in two attacks

The team behind the UwU Lend protocol will offer a $5 million bounty to anyone who identifies the attacker after a second attack on the protocol.

In an on-chain direct message on June 13, UwU Lend informed the hacker that the repayment deadline for the stolen funds had expired. After the hacker failed to return 80% of the stolen funds by 5:00 pm on June 12.

The latest on-chain message sent by UwU to the hacker. Source: Etherscan

UwU claims that the $5 million bounty will be provided in the form of Ether.

Blockchain security company Cyvers confirmed that the hacker performed two attacks using the wallet address "0x841...21f47".

UwU Lend hacker's first attack

The first breach occurred on June 10 and involved a price manipulation attack that resulted in a loss of $20.3 million. And UwU asked for 80% of the funds to be returned, allowing them to keep the remaining 20%. And also assured the hacker that they would stop taking legal action. But the hacker did not respond and carried out a second attack on June 13, amounting to $3.7 million.

UwU’s earlier on-chain message to the hacker Source: Etherscan

UwU has paid out more than $9.7 million to victims of the first $20.3 million breach.

Due to the ongoing market volatility and the complexity of blockchain security, the $5 million bounty remains an unknown in identifying and arresting the hacker.

Affected by the incident, UwU Lend’s native token (UWU) has only fallen 20% in the past week and is currently trading at $2.51, according to CoinGecko. Its market capitalization is $22.6 billion.

UWU price change over the past week Source: CoinGecko

Cryptocurrency security is becoming increasingly difficult

The incident adds to the ongoing challenges facing the cryptocurrency sector, which has seen more than $19 billion stolen in various hacks since June 2011, according to a report from Crystal Intelligence.

Cryptocurrency hacks and scams per year (by dollar value). Source: Crystal Intelligence

Should you negotiate with hackers in the face of this?

ImmuneFi CEO Mitchell Amador supports negotiating with hackers, despite the ethical discomfort it may cause.

“It’s like someone chases you into an alley and they say, ‘Give me your wallet,’ and beat you up. You’re like, ‘Wow, that’s wrong;’ but the reality is that you have a responsibility to your users, your investors, and ultimately to yourself to protect your financial interests,” he said.

He stressed the responsibility to protect financial interests and said that even a small chance of recovering funds through negotiation is better than losing them completely.

Amador highlighted the Poly Network hack as a successful example, where $610 million was returned after negotiations involving a bug bounty payout.

Maybe the PolyNet hacker actually just wanted a small bounty for his efforts. Source: Tom Robinson via Twitter

Erin Plante, vice president of investigations at Chainalysis, advises against negotiating with hackers, arguing that it is unnecessary and could escalate extortion tactics.

She recommends seeking help from blockchain intelligence firms and law enforcement, and cites undisclosed successful recoveries as evidence that alternatives to negotiation exist.

“We are seeing more and more successful recoveries that are not publicly disclosed,” she said. “But it is happening, and it is not impossible to recover the funds. So, ultimately, it may not be necessary to pay the scammers.”

The debate over negotiating with hackers remains contentious. While some advocate for negotiation based on potential rewards and historical success, others oppose rewarding criminal behavior and advocate for alternative recovery methods.

Ultimately, the decision comes down to weighing the risks and ethical considerations unique to each incident.