The DeFi protocol UniLend Finance was reportedly exploited on Ethereum, resulting in the loss of approximately $197,000 in assets.

On January 12, TenArmorAlert for Real-Time Web 3 Security was launched I mentioned An attacker exploited UniLend's "redemption process" by manipulating a flaw in the stock price calculation. This allowed the attacker to artificially inflate the value of his collateral and drain funds from the pool.

The attacker was deposited US dollars and Lido Stead Ether (Stith) As collateral, they borrowed stETH for the entire pool, then took back their initial deposits without paying back the borrowed tokens, effectively depleting the pool.

At approximately 11:19:59 AM UTC, the exploit was executed, with losses initially estimated by TenArmorAlert at $196.2K. However, suffix to update From web security firm SlowMist, it put the total losses slightly higher at $197.6K.

As of press time, UniLend Finance had not addressed the exploit and a request for additional insights from crypto.news remained unanswered.

The DeFi sector has remained a major target of bad actors in recent years. According to forensics firm PeckShield, nearly 60% of all exploits and fraud in 2024 Targeted this sector.

One of the largest exploits of 2024 was that of Radiant Capital, allegedly carried out by the notorious Lazarus group, resulting in a loss of $50 million. The attackers impersonated a former trusted contractor for the DeFi protocol to spread the malware across the devices of at least three of the project's developers.

In November 2024, the liquidity pools of the Thala Protocol Exhausted For approximately $25.5 million, the attacker exploited a vulnerability in the protocol's farming contracts. Fortunately, the attacker agreed to a reward of $300,000 and returned all the stolen assets.