UniLend Finance Suffers $197K Loss Due to Vulnerability Exploit

UniLend Finance experienced a $197K loss due to exploitation of collateral token balance calculation flaws.

The attacker used USDC and stETH to manipulate the platform, borrowing stETH and redeeming collateral without repayment.

UniLend Finance continues its work in decentralized AI, partnering with Singular AI Network to advance Web3 and AI technologies.

Web3 security firm TenArmorAlert has a suspicious attack on UniLend Finance, a decentralized finance (DeFi) platform, which led to a loss of around $197K. The firm revealed that the issue stemmed from flaws in how the platform calculates a user’s collateral token balance, leading to incorrect valuations that could be exploited.

TenArmorAlert explained the exploitation on its X page, noting that the attacker took advantage of the flaws by depositing USDC and stETH as collateral, borrowing the entire pool’s stETH, and then redeeming their deposited USDC and stETH without returning the borrowed stETH. The firm stated:

“Exploiting this flaw, the attacker deposited USDC and stETH, borrowed the entire pool’s stETH, and then redeemed the previously deposited USDC and stETH without repaying the borrowed stETH.”

“Exploiting this flaw, the attacker deposited USDC and stETH, borrowed the entire pool’s stETH, and then redeemed the previously deposited USDC and stETH without repaying the borrowed stETH.”

DeFi Sector Faces Increased Risk of Exploitation

SlowMist, another blockchain security firm, also the exploitation and the process by which it occurred. However, SlowMist estimated the total loss at $197,600. The firm revealed:

“We detected that UniLend Finance was exploited with a loss of $197.6K. The root cause was that the attacker exploited a vulnerability in the redeem process, manipulating the share price, which led to incorrect calculation of the attacker’s collateral value by the protocol.”

“We detected that UniLend Finance was exploited with a loss of $197.6K. The root cause was that the attacker exploited a vulnerability in the redeem process, manipulating the share price, which led to incorrect calculation of the attacker’s collateral value by the protocol.”

This recent exploitation of UniLend Finance shows that the DeFi sector has become a prime target for bad actors. Blockchain security firm PeckShieldAlert in its annual crypto security report that the DeFi sector accounted for more than 53% of the total losses due to hacks, making it a major target.

A similar fate befell Radiant Capital late last year, resulting in a loss of $50 million. The attack was allegedly linked to North Korea’s infamous Lazarus Group. In November, Thala Protocol also lost about $25.5 million when an attacker exploited a weakness in its farming contracts. The funds were later returned after the attacker accepted a $300,000 reward.

UniLend’s Innovations in Decentralized AI amid Security Challenges

Prior to the exploitation, UniLend Finance had joined forces with Singular AI Network to advance decentralized AI and blockchain solutions. The collaboration aims to build infrastructure for training AI systems, leverage UniLend’s expertise in decentralized AI and fundraising, and develop scalable, privacy-centered AI technologies. Together, they seek to create innovative, secure, and efficient AI tools for the space.

UniLend Finance has also recently introduced Lamaa_AI, which is designed to shape how developers and businesses create, customize, and monetize AI agents. Lamaa AI offers numerous possibilities in DeFAI, such as dynamically managing portfolios by adjusting based on market trends, using predictive analytics to optimize lending strategies, automating compliance with DeFi rules to reduce risks, and analyzing NFT market trends to guide profitable trades.