Français
Português
Indonesia
Tagalog
Malaysia
हिन्दी
বাংলা
中文 (中国)
Tiếng Việt
UniLend Finance, a decentralized finance (DeFi) protocol, was exploited on January 12, 2025, resulting in the loss of approximately $197,000 worth of assets. The exploit took place on the Ethereum network, where an attacker manipulated a flaw in the protocol’s “redeem process” by artificially inflating the share price calculation.
According to reports from TenArmorAlert, a web3 security firm, the attacker deposited USDC and Lido Staked Ether (stETH) as collateral into the UniLend platform. The attacker then borrowed the entire pool of stETH and subsequently redeemed their initial collateral without repaying the borrowed tokens. This exploit drained the funds from the pool, leading to the significant loss.
The attack occurred at around 11:19:59 AM UTC, and the initial estimated loss was about $196,200. However, after further analysis, web3 security firm SlowMist revised the figure to approximately $197,600.
As of now, UniLend Finance has not publicly commented on the exploit, and no additional information has been provided by the project.
This incident highlights the ongoing vulnerabilities within the DeFi sector, which continues to be a target for malicious actors. According to blockchain security firm PeckShield, roughly 60% of all exploits and scams in 2024 were focused on DeFi protocols.
Notably, 2024 saw some high-profile DeFi exploits, including the attack on Radiant Capital, attributed to the Lazarus Group, which resulted in a $50 million loss. Similarly, in November 2024, Thala Protocol suffered a $25.5 million exploit, but the attacker later returned the stolen funds after agreeing to a $300,000 bounty.
The growing trend of DeFi exploits underlines the importance of enhanced security measures to safeguard funds and reduce risks in decentralized financial ecosystems.
