CoinClear

UwU Lend

1.8/10

Sifu's lending protocol — Aave fork by the QuadrigaCX co-founder, exploited for $23M+ in two attacks within days. A masterclass in why founder reputation matters in DeFi.

Updated: February 16, 2026AI Model: claude-4-opusVersion 1

Overview

UwU Lend launched in 2022 as an Aave V2 fork on Ethereum, founded by Michael Patryn, who operates in DeFi under the pseudonym 0xSifu. Patryn's identity is significant: he is the co-founder of QuadrigaCX, the Canadian cryptocurrency exchange whose collapse in 2019 resulted in approximately $190 million in lost customer funds. The QuadrigaCX case involved allegations of fraud and Ponzi-like operations by founder Gerald Cotten (who allegedly died under disputed circumstances).

Despite this extraordinarily controversial background, UwU Lend attracted TVL during the DeFi bull market, with some users willing to overlook founder risk in pursuit of yield. The protocol offered standard Aave V2 lending functionality with additional features around its SIFUM ecosystem and UWU token incentives.

In June 2024, UwU Lend was exploited for approximately $19.4 million through an oracle manipulation attack. The attacker manipulated the price of CRV (Curve) tokens through spot market trades, which UwU Lend's oracle relied on, allowing the attacker to borrow against inflated collateral values. Days later, a second exploit drained an additional ~$3.7 million using a similar vector — suggesting the root cause was not fully addressed after the first attack.

The double exploit, combined with the founder's history, makes UwU Lend one of the most problematic protocols in DeFi.

Smart Contracts

Aave V2 Fork

UwU Lend's base contracts are forked from Aave V2, a proven and extensively audited lending codebase. However, UwU Lend made modifications — particularly around oracle configuration and asset listing policies — that deviated from Aave's conservative approach. These deviations proved fatal.

Oracle Configuration

The critical failure was in oracle design. UwU Lend used price feeds that were susceptible to spot market manipulation for certain assets. Unlike Aave, which uses Chainlink oracles with extensive manipulation resistance, UwU Lend's oracle setup for some assets relied on pricing mechanisms that could be manipulated through concentrated market trades.

Custom Modifications

Beyond oracle changes, UwU Lend introduced custom features around the SIFUM ecosystem and token mechanics. These modifications increased the divergence from the battle-tested Aave V2 codebase and introduced untested interaction patterns.

Security

June 2024 Exploits (~$23M Total)

First Exploit (~$19.4M): An attacker manipulated the price of sUSDE and other assets by conducting large trades on Curve pools that UwU Lend's oracles referenced. The inflated oracle prices allowed the attacker to deposit manipulated-value collateral and borrow real assets, draining the protocol.

Second Exploit (~$3.7M): Just days after the first attack, a second exploit used a similar oracle manipulation vector to drain additional funds. The fact that the second exploit succeeded using the same class of vulnerability as the first — before the root cause was fully remediated — is damning.

Founder Risk Materialized

The DeFi community repeatedly warned about the risks of trusting funds to a protocol founded by someone with Patryn/Sifu's history. These warnings proved prescient. While the exploits were executed by external attackers (not the founder), the poor security practices that enabled them were a consequence of the protocol's governance and technical decisions.

No Meaningful Recovery

The protocol's response to the exploits was criticized for being slow and incomplete. The second exploit occurring days after the first suggests either insufficient understanding of the vulnerability or inadequate response capability.

Risk Management

Oracle Failure

UwU Lend's oracle configuration was the root cause of both exploits. Using price feeds susceptible to spot market manipulation for lending collateral valuation is a known anti-pattern. Aave's oracle guardian system, Chainlink's manipulation-resistant feeds, and proper TWAP implementations exist precisely to prevent this class of attack.

Asset Listing Risk

Similar to Cream Finance, UwU Lend listed assets without adequate analysis of their oracle manipulation vectors. The interaction between certain collateral types and their pricing mechanisms created exploitable conditions.

Failure to Learn

The second exploit occurring within days of the first demonstrates a failure to properly diagnose and remediate the root cause. In a responsible protocol, all oracle-dependent operations would have been paused immediately after the first exploit until comprehensive review was complete.

Adoption

Pre-Exploit TVL

UwU Lend attracted meaningful TVL at its peak, demonstrating that yield-seeking capital will flow to risky protocols if returns are attractive enough. Some users explicitly acknowledged the founder risk but judged the yield/risk tradeoff acceptable. They were wrong.

Post-Exploit Collapse

TVL collapsed following the June 2024 exploits. Any remaining depositors face both the risk of further exploits and the risk of interacting with a protocol controlled by a founder with a documented history of financial misconduct.

Reputation Damage

UwU Lend's brand is irrecoverably damaged by the combination of the founder's QuadrigaCX history and two exploits. No serious DeFi user should consider depositing funds.

Tokenomics

UWU Token

The UWU token provides governance and staking rewards within the protocol. Post-exploit, the token has minimal value and utility. Trading volume is thin and speculative.

SIFUM Ecosystem

Patryn/Sifu built a broader ecosystem around UwU Lend including SIFUM tokens and related products. The entire ecosystem is tainted by the founder's reputation and the protocol's security failures.

Value Destruction

Both the UWU token and any ecosystem tokens have suffered severe value destruction. The tokens have no meaningful utility given the protocol's collapsed state.

Risk Factors

  • FOUNDER IS CO-FOUNDER OF QUADRIGACX, a collapsed exchange that lost $190M in customer funds.
  • $23M+ exploited in June 2024 across two attacks within days using similar oracle manipulation.
  • Oracle manipulation vulnerability: Root cause was a known, preventable attack vector.
  • Second exploit after first: Failure to remediate root cause before second attack is inexcusable.
  • Protocol is effectively dead. TVL and user activity are negligible.
  • No credible recovery path. Founder reputation and security track record make recovery impossible.
  • Extreme counterparty risk. Any interaction with UwU Lend carries unjustifiable risk.

Conclusion

UwU Lend is a protocol that should never have attracted meaningful deposits. A lending protocol founded by the co-founder of QuadrigaCX — one of crypto's most notorious fraud cases — that was then exploited for $23M+ through preventable oracle manipulation attacks represents a convergence of every red flag in DeFi.

The 1.8 overall score — among the lowest possible — reflects the catastrophic combination of founder risk, security failures, and risk management negligence. The security score of 1 and risk management score of 1 reflect the severity of the oracle manipulation exploits and the failure to prevent a second attack days after the first. UwU Lend joins Cream Finance as a cautionary tale, but adds the unique element of a founder whose previous venture lost $190 million in customer funds. The lesson is clear: founder reputation matters, and no yield premium justifies depositing in a protocol with this risk profile.

Do not use UwU Lend. Do not trust any protocol associated with 0xSifu/Michael Patryn.

Sources