Skip to main content
Sign in
UwU Lend1 decision on this page

Audit log

Every state-changing event for UwU Lend: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-05-20 04:21:59Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 420,912,733
    sig
    3nK8iPMMxcLR…xw4vkZWNexplorer ↗
    hash
    8JkJhRyb95iD…gLkhvtdJsha256 → base58
    verifying row…full verify ↗
    canonical bytes (6164 B) ▸
    {"actor":"system:backfill","investigation_id":"e62d5064-babc-4523-958a-95103ace35a9","kind":"publish","page_slug":"uwu-lend","published_at":"2026-05-20T04:21:59.826Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"UwU Lend","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://exponential.fi/protocols/uwu/bdf71040-0a05-48ee-a50b-87b7b621c852"},{"credibility":3,"name":"","type":"other","url":"https://etherscan.io/token/0x55C08ca52497e2f1534B59E2917BF524D4765257"},{"credibility":3,"name":"","type":"other","url":"https://medium.com/uwu-lend/part-two-uwu-lend-84e14ee58b76"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://slowmist.medium.com/analysis-of-the-uwu-lend-hack-9502b2c06dbe"},{"credibility":3,"name":"","type":"other","url":"https://unchainedcrypto.com/uwu-lend-hacker-steals-another-3-7-million-from-protocol/"},{"credibility":3,"name":"","type":"other","url":"https://cryptonews.com/news/uwu-lend-reacts-to-23-million-hack-pauses-protocol-and-negotiates-with-hacker/"},{"credibility":3,"name":"","type":"other","url":"https://www.quillaudits.com/blog/hack-analysis/uwu-lend-hack"},{"credibility":3,"name":"","type":"other","url":"https://cryptoslate.com/hacker-drains-19-5-million-from-uwu-lend-in-price-oracle-exploit/"},{"credibility":3,"name":"","type":"other","url":"https://unchainedcrypto.com/0xsifu-offers-20-bounty-to-hackers-after-19-million-uwu-lend-exploit/"},{"credibility":3,"name":"","type":"other","url":"https://cointelegraph.com/news/uwu-lend-hack-20-million"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://etherscan.io/address/0x841ddf093f5188989fa1524e7b893de64b421f47"},{"credibility":3,"name":"","type":"other","url":"https://slowmist.medium.com/analysis-of-the-uwu-lend-hack-9502b2c06dbe"},{"credibility":3,"name":"","type":"other","url":"https://www.chaincatcher.com/en/article/2129245"},{"credibility":3,"name":"","type":"other","url":"https://www.merklescience.com/blog/investigating-the-uwu-lend-hack-and-flow-of-funds"},{"credibility":3,"name":"","type":"other","url":"https://bitcoinworld.co.in/uwu-lend-exploiter-launders-eth/"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://en.wikipedia.org/wiki/Michael_Patryn"},{"credibility":3,"name":"","type":"other","url":"https://www.coindesk.com/markets/2022/01/27/wonderland-rattled-after-cofounder-tied-to-alleged-quadrigacx-190m-exit-scam"},{"credibility":3,"name":"","type":"other","url":"https://www.dlnews.com/articles/defi/uwu-founder-offers-bounty-to-settle-flash-loan-exploit/"},{"credibility":3,"name":"","type":"other","url":"https://protos.com/sifus-uwu-lend-reportedly-hacked-for-20m-curves-egorov-among-affected/"},{"credibility":3,"name":"","type":"other","url":"https://beincrypto.com/wonderland-cfo-outed-as-ex-convict-and-quadrigacx-co-founder-michael-patryn-steps-down/"},{"credibility":3,"name":"","type":"other","url":"https://watcher.guru/news/crypto-scandal-defi-project-wonderland-is-run-by-felon-michael-patryn-with-ties-to-quadrigacx-fraud"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://cyvers.ai/blog/uwu-lend-23m-exploit-oracle-vulnerabilities-exposed"},{"credibility":3,"name":"","type":"other","url":"https://www.quillaudits.com/blog/hack-analysis/uwu-lend-hack"},{"credibility":3,"name":"","type":"other","url":"https://exponential.fi/protocols/uwu/bdf71040-0a05-48ee-a50b-87b7b621c852"},{"credibility":3,"name":"","type":"other","url":"https://cryptobriefing.com/uwu-lend-second-hack-update/"},{"credibility":3,"name":"","type":"other","url":"https://en.wikipedia.org/wiki/Michael_Patryn"}]}],"sources_used":[],"summary":"UwU Lend is an Ethereum-based DeFi lending protocol forked from Aave V2, launched in September 2022 and operated by Michael Patryn (known pseudonymously as 0xSifu), a co-founder of the collapsed Canadian crypto exchange QuadrigaCX and a convicted felon. In June 2024, the protocol was exploited twice by the same attacker — first for approximately $19.3 million on June 10 and again for $3.7 million on June 13 — via oracle price manipulation using flash loans, bringing combined losses to approximately $23 million.","timeline":[{"date":"2022-01-27","event":"ZachXBT publicly identifies 0xSifu as Michael Patryn, co-founder of QuadrigaCX; Wonderland community votes to remove him from treasury management role","source":""},{"date":"2022-02-01","event":"Patryn returns to Wonderland following an informal community vote","source":""},{"date":"2022-09-01","event":"UwU Lend launches on Ethereum mainnet, forked from Aave V2, founded by Michael Patryn (0xSifu)","source":""},{"date":"2024-06-10","event":"First exploit: Attacker (0x841ddf093f5188989fa1524e7b893de64b421f47) manipulates UwU Lend's sUSDe oracle via Curve Finance spot prices using a ~$3.796 billion flash loan, draining approximately $19.3 million in ETH, crvUSD, bLUSD, and USDC; protocol paused by team","source":""},{"date":"2024-06-11","event":"Michael Patryn (0xSifu) offers the attacker a 20% bounty (approximately $4 million) to return stolen funds; team announces vulnerability patched","source":""},{"date":"2024-06-13","event":"Second exploit: Same attacker uses residual sUSDe collateral from first hack to drain uDAI, uWETH, uLUSD, uFRAX, uCRVUSD, and uUSDT pools for an additional $3.7 million; combined losses reach approximately $23 million","source":""},{"date":"2024-06-14","event":"Protocol reports repayment of approximately $9.7 million in bad debt; attacker does not return funds","source":""},{"date":"2024-06-15","event":"Attacker transfers approximately 1,000 ETH (roughly $3.66 million) to Tornado Cash in initial laundering tranche","source":""},{"date":"2024-10-09","event":"Linked attacker address launders an additional 2,009 ETH through Tornado Cash; total laundered by associated addresses reaches approximately 6,353 ETH","source":""}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 9561e01d-e0dd-4a7e-8af6-876e3c70836a
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.