Zunami Protocol Suffers $2.1 Million Exploit Following Price Manipulation

The decentralized finance (DeFi) platform Zunami Protocol admitted a $2.1 million exploit. The announcement conveyed by the DeFi protocol on Sunday, August 13, revealed that its liquidity pool running on Curve Finance suffered a price manipulation attack.

Zunami Protocol’s zStables Pool Suffer Exploit

The price manipulation attack targeted the DeFi yield farming aggregator that recently promised to offer the highest annual percentage yield (APY) in the segment. Independent analysis of the incident by blockchain security firms Ironblocks and PeckShield indicates that the hack led to a loss exceeding $2.1 million.

Zunami Protocol involves a yield farming aggregator targeting stablecoin staking. The protocol maintains the primary zStables pool on the Curve Finance that facilitates stablecoins’ decentralized exchange in Ethereum.

Zunami Protocol operations mirror a decentralized autonomous organization (DAO) management. Before the attack, it projected to offer the highest APY in the segment besides touting a $5 million total value locked (TVL in a blog post. 

IronBlocks Discovers Attacker Leveraged Flash Loan 

The cross-chain protocol suggested that it facilitated users in diversifying their stablecoin portfolio while averting the risk of crashing one of them. The scheme leveraged by the exploiters portrayed a familiar path to blockchain observers. 

Ironblocks indicated that the exploiters sought a flash loan from the balancer. The attacker would subsequently add liquidity to realize the capability to adjust the price. Ironblocks illustrated that the attacker would then trade within the Zunami exchange. 

The detailed analysis by Ironblocks indicates that the attacker would withdraw the liquidity and adjust the price. Ironblocks would discover that the attacker traded back. Also, he returned the flash loan earning 1152 ETH in classic price manipulation. 

A parallel assessment by blockchain analyst PeckShield admitted tracking the attacks discovered on Curve. Among the exploits detected the exploit occurring within the Zunami Protocol and duly notified the victim via X.

Tornado Cash Used by Hacker to Wash Proceeds

PeckShield addressed the Zunami Protocol in a post directed to @zunamiprotoco. The August 13 notification indicated an ongoing attack. The analyst firm warned users to embrace requisite measures. 

PeckShield made public the encrypted hash on Monday, August 13, 2638ae2969ce932d61c3ca66f9b8a4a6c01c4d89bb2b34ddcf2c4145960f41c4. It indicated that it would release the actual upon the restoration of stability.

PeckShield indicated that the hack caused a loss exceeding $2.1 million. The analyst firm indicated that the exploiter propagated the hack in two transactions. The firm echoed findings by Ironblocks that the incident involved price manipulation that the perpetrators exploited by donation to calculate the price inaccurately. 

Zunami Protocol acknowledged zStables suffering attack. The protocol dismissed claims that the collateral was insecure. However, the firm warned users against purchasing the zETH and UZD since the emission was under attack. 

The exploit plunged the prices of Zunami USD stablecoin (UZD) and Zunami Ether (zETH). zETH’s price plummeted by over 88% to exchange hands at $206, with the UZD declining by 99%.

PeckShield’s subsequent announcement on Monday, August 14, indicated that the hacker washed the proceeds via the Tornado Cash. The use of the coin mixer aimed at concealing the trail. 

The hacking incident that hit Zunami Protocol coincides with Curve Finance’s struggles to deal with several attacks witnessed in recent weeks. The struggle arose from the attempt to recover $19 million stolen. It placed a $1.8 million bounty to identify the perpetrator.  

At Tokenhell, we help over 5,000 crypto companies amplify their content reach—and you can join them! For inquiries, reach out to us at info@tokenhell.com. Please remember, cryptocurrencies are highly volatile assets. Always conduct thorough research before making any investment decisions. Some content on this website, including posts under Crypto Cable, Sponsored Articles, and Press Releases, is provided by guest contributors or paid sponsors. The views expressed in these posts do not necessarily represent the opinions of Tokenhell. We are not responsible for the accuracy, quality, or reliability of any third-party content, advertisements, products, or banners featured on this site. For more details, please review our full terms and conditions / disclaimer.