Michael Patryn and the Security Crisis at UwU Lend: The $20 Million Attack

The UwU Lend lending protocol recently suffered an attack resulting in a loss of $20 million. Behind this platform is Michael Patryn, a businessman known by his pseudonym 0xSifu, who has proposed compensation to the attackers as part of an agreement to recover the stolen funds. This incident once again highlights the persistent risks in decentralized finance.

Who is Michael Patryn: From QuadrigaCX to 0xSifu

Michael Patryn gained notoriety in the crypto ecosystem as the co-founder of QuadrigaCX, a Canadian cryptocurrency exchange that collapsed in 2018 following a scandal associated with fraud. Patryn had left the company two years before it ultimately shut down. Years later, under the pseudonym 0xSifu, he reappeared in the DeFi space as the treasury manager of Wonderland, a protocol that gained popularity but whose token plummeted in January 2022 when his true identity was revealed.

With this complex history on his resume, Michael Patryn launched UwU Lend in 2022, designing the platform as a variant of the Aave protocol. Aave at the time held over $20 billion in user deposits, making it the second most important protocol in the sector.

The attack on the protocol: manipulable oracles and flash loans

The hack occurred through a sophisticated combination of two technical vulnerabilities. The attacker exploited the use of easily manipulable price oracles that provided UwU with information about the value of various tokens. According to Blocksec, a cybersecurity firm, the perpetrator also employed a massive flash loan (estimated at approximately $4 billion) to exploit these weaknesses in the protocol.

“The attacker borrowed a huge amount of assets,” explained Matthew Jiang, director of security services at Blocksec. “He practically borrowed all available assets on the chain that can be used in flash loans.” This combination allowed the criminal to divert around $20 million from the platform.

Flash loans are operations that allow borrowing assets without collateral, provided they are repaid within the same blockchain transaction. While these mechanisms are useful for legitimate arbitrage operations, they have also been exploited by malicious actors to drain liquidity from vulnerable DeFi protocols.
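Why a price read inside the same transaction as a large flash-loan-funded trade is unsafe, and how a lending protocol can defend against it, shown as an added example that is not from the original article or from UwU Lend. The article does not describe UwU Lend's oracle design; the constant-product pool, reserves, loan-to-value ratio and deviation threshold here are constructed assumptions.

```python
# Added illustration: toy constant-product pool; all names and numbers are constructed.
class Pool:
    """Constant-product AMM (token * usd = k) used as a price source."""
    def __init__(self, token: float, usd: float):
        self.token, self.usd = token, usd
        self.history = []  # prices recorded at the end of past blocks

    def spot_price(self) -> float:
        return self.usd / self.token

    def swap_usd_for_token(self, usd_in: float) -> float:
        k = self.token * self.usd
        self.usd += usd_in
        token_out = self.token - k / self.usd
        self.token -= token_out
        return token_out

    def end_block(self) -> None:
        self.history.append(self.spot_price())

def twap(pool: Pool, window: int = 10) -> float:
    """Mean of the last `window` end-of-block prices (equal block spacing assumed).
    State changed inside the current transaction is not part of it."""
    recent = pool.history[-window:]
    return sum(recent) / len(recent)

def checked_price(pool: Pool, max_deviation: float = 0.05):
    """Return the TWAP, or None (refuse to price) when spot has diverged from it."""
    ref = twap(pool)
    if abs(pool.spot_price() - ref) / ref > max_deviation:
        return None
    return ref

def borrow_limit(collateral: float, price: float, ltv: float = 0.8) -> float:
    return collateral * price * ltv

def simulate() -> dict:
    pool = Pool(token=1_000.0, usd=1_000_000.0)  # constructed reserves, price 1000
    for _ in range(10):
        pool.end_block()
    before = borrow_limit(10, pool.spot_price())
    pool.swap_usd_for_token(9_000_000.0)  # large swap inside a single transaction
    return {"before": before,                                # limit on the honest price
            "spot": borrow_limit(10, pool.spot_price()),     # limit a spot oracle would grant
            "twap": borrow_limit(10, twap(pool)),            # limit a TWAP oracle would grant
            "checked": checked_price(pool)}                  # deviation guard: None = pause

if __name__ == "__main__":
    print(simulate())
```

The spot-priced borrow limit inflates a hundredfold within the transaction, while the averaged price is unchanged and the deviation guard declines to price the collateral at all.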

Compensation proposal and the reality of DeFi attacks

In response to the incident, Michael Patryn proposed an unconventional incentive: if the attackers returned approximately $16 million in cryptocurrencies, the protocol would commit not to pursue legal action or cooperate with law enforcement authorities. Patryn offered a reward of 20% of the recovered funds as an additional incentive.

“We are offering a white-hat compensation of 20% of any recovered funds,” Patryn stated via a message on Ethereum. “They will face no legal risks if they agree to this deal, and there will be no involvement from authorities.”

This tactic is relatively common in the crypto ecosystem, where the costs and complexity of recovering stolen tokens pose a significant challenge. Attackers often reject these offers, although there are notable cases of acceptance.

The growing trend of attacks via flash loans

UwU Lend is not an isolated case. Euler Finance, a lending protocol on Ethereum, experienced a similar attack that initially resulted in losses of $197 million, though the attacker later returned 85% of the stolen funds. Other recent examples include the hack of Sonne Finance for $20 million several months ago, and the attack on the Hedgey protocol for $44 million in the first half of the year.

According to data compiled by DefiLlama, during the first five months of the last fiscal year, attackers extracted approximately $560 million from DeFi protocols, representing a 32% increase compared to the same period the previous year. This trend underscores the ongoing vulnerability of decentralized platforms to sophisticated security exploits.

The case of Michael Patryn and UwU Lend reflects how, even with questionable backgrounds in the industry, crypto entrepreneurs continue launching new projects. The security of these protocols remains a critical challenge that requires greater attention from both developers and regulators.
