UwuLend was drained of $19.4 million after an attacker manipulated fallback oracle pricing in a series of rapid transactions funded from Tornado Cash. The exploit used flash-loan-driven trades against Curve pool states, allowing borrowing at one sUSDe rate and liquidation at an inflated rate before stolen WBTC and DAI were converted into ETH. The excerpt identifies attacker address 0x841ddf093f5188989fa1524e7b893de64b421f47, three attack transactions, and two Ethereum addresses where stolen funds were parked. UwuLend paused the protocol, offered a 20% white-hat bounty, and faced scrutiny because the protocol had recently passed a PeckShield audit despite the oracle design weakness.