UniLend Finance experienced a $197K loss due to exploitation of collateral token balance calculation flaws.
The attacker used USDC and stETH to manipulate the platform, borrowing stETH and redeeming collateral without repayment.
UniLend Finance continues its work in decentralized AI, partnering with Singular AI Network to advance Web3 and AI technologies.
Web3 security firm TenArmorAlert has reported a suspicious attack on UniLend Finance, a decentralized finance (DeFi) platform, which led to a loss of around $197K. The firm revealed that the issue stemmed from flaws in how the platform calculates a user’s collateral token balance, leading to incorrect valuations that could be exploited.
TenArmorAlert explained the exploitation on its X page, noting that the attacker took advantage of the flaws by depositing USDC USDC$1.0024h volatility:0.0%Market cap:$56.46 BVol. 24h:$5.46 B
and stETH as collateral, borrowing the entire pool’s stETH, and then redeeming their deposited USDC and stETH without returning the borrowed stETH. The firm stated:
“Exploiting this flaw, the attacker deposited USDC and stETH, borrowed the entire pool’s stETH, and then redeemed the previously deposited USDC and stETH without repaying the borrowed stETH.”
DeFi Sector Faces Increased Risk of Exploitation
SlowMist, another blockchain security firm, also confirmed the exploitation and the process by which it occurred. However, SlowMist estimated the total loss at $197,600. The firm revealed:
“We detected that UniLend Finance was exploited with a loss of $197.6K. The root cause was that the attacker exploited a vulnerability in the redeem process, manipulating the share price, which led to incorrect calculation of the attacker’s collateral value by the protocol.”
This recent exploitation of UniLend Finance shows that the DeFi sector has become a prime target for bad actors. Blockchain security firm PeckShieldAlert revealed in its annual crypto security report that the DeFi sector accounted for more than 53% of the total losses due to hacks, making it a major target.
A similar fate befell Radiant Capital late last year, resulting in a loss of $50 million. The attack was allegedly linked to North Korea’s infamous Lazarus Group. In November, Thala Protocol also lost about $25.5 million when an attacker exploited a weakness in its farming contracts. The funds were later returned after the attacker accepted a $300,000 reward.
UniLend’s Innovations in Decentralized AI amid Security Challenges
Prior to the exploitation, UniLend Finance had joined forces with Singular AI Network to advance decentralized AI and blockchain solutions. The collaboration aims to build infrastructure for training AI systems, leverage UniLend’s expertise in decentralized AI and fundraising, and develop scalable, privacy-centered AI technologies. Together, they seek to create innovative, secure, and efficient AI tools for the Web3 space.
UniLend Finance has also recently introduced Lamaa_AI, which is designed to shape how developers and businesses create, customize, and monetize AI agents. Lamaa AI offers numerous possibilities in DeFAI, such as dynamically managing portfolios by adjusting based on market trends, using predictive analytics to optimize lending strategies, automating compliance with DeFi rules to reduce risks, and analyzing NFT market trends to guide profitable trades.
Disclaimer: Coinspeaker is committed to providing unbiased and transparent reporting. This article aims to deliver accurate and timely information but should not be taken as financial or investment advice. Since market conditions can change rapidly, we encourage you to verify information on your own and consult with a professional before making any decisions based on this content.
Temitope is a writer with more than four years of experience writing across various niches. He has a special interest in the fintech and blockchain spaces and enjoy writing articles in those areas. He holds bachelor's and master's degrees in linguistics. When not writing, he trades forex and plays video games.