Zunami Protocol Suffers $2.1 Million Exploit Following Price Manipulation

The decentralized finance (DeFi) platform Zunami Protocol admitted a $2.1 million exploit. The announcement conveyed by the DeFi protocol on Sunday, August 13, revealed that its liquidity pool running on Curve Finance suffered a price manipulation attack.

Zunami Protocol’s zStables Pool Suffer Exploit

The price manipulation attack targeted the DeFi yield farming aggregator that recently promised to offer the highest annual percentage yield (APY) in the segment. Independent analysis of the incident by blockchain security firms Ironblocks and PeckShield indicates that the hack led to a loss exceeding $2.1 million.

Zunami Protocol involves a yield farming aggregator targeting stablecoin staking. The protocol maintains the primary zStables pool on the Curve Finance that facilitates stablecoins’ decentralized exchange in Ethereum.

Zunami Protocol operations mirror a decentralized autonomous organization (DAO) management. Before the attack, it projected to offer the highest APY in the segment besides touting a $5 million total value locked (TVL in a blog post. 

IronBlocks Discovers Attacker Leveraged Flash Loan 

The cross-chain protocol suggested that it facilitated users in diversifying their stablecoin portfolio while averting the risk of crashing one of them. The scheme leveraged by the exploiters portrayed a familiar path to blockchain observers. 

Ironblocks indicated that the exploiters sought a flash loan from the balancer. The attacker would subsequently add liquidity to realize the capability to adjust the price. Ironblocks illustrated that the attacker would then trade within the Zunami exchange. 

The detailed analysis by Ironblocks indicates that the attacker would withdraw the liquidity and adjust the price. Ironblocks would discover that the attacker traded back. Also, he returned the flash loan earning 1152 ETH in classic price manipulation. 

A parallel assessment by blockchain analyst PeckShield admitted tracking the attacks discovered on Curve. Among the exploits detected the exploit occurring within the Zunami Protocol and duly notified the victim via X.

Tornado Cash Used by Hacker to Wash Proceeds

PeckShield addressed the Zunami Protocol in a post directed to @zunamiprotoco. The August 13 notification indicated an ongoing attack. The analyst firm warned users to embrace requisite measures. 

PeckShield made public the encrypted hash on Monday, August 13, 2638ae2969ce932d61c3ca66f9b8a4a6c01c4d89bb2b34ddcf2c4145960f41c4. It indicated that it would release the actual upon the restoration of stability.

PeckShield indicated that the hack caused a loss exceeding $2.1 million. The analyst firm indicated that the exploiter propagated the hack in two transactions. The firm echoed findings by Ironblocks that the incident involved price manipulation that the perpetrators exploited by donation to calculate the price inaccurately. 

Zunami Protocol acknowledged zStables suffering attack. The protocol dismissed claims that the collateral was insecure. However, the firm warned users against purchasing the zETH and UZD since the emission was under attack. 

The exploit plunged the prices of Zunami USD stablecoin (UZD) and Zunami Ether (zETH). zETH’s price plummeted by over 88% to exchange hands at $206, with the UZD declining by 99%.

PeckShield’s subsequent announcement on Monday, August 14, indicated that the hacker washed the proceeds via the Tornado Cash. The use of the coin mixer aimed at concealing the trail. 

The hacking incident that hit Zunami Protocol coincides with Curve Finance’s struggles to deal with several attacks witnessed in recent weeks. The struggle arose from the attempt to recover $19 million stolen. It placed a $1.8 million bounty to identify the perpetrator.  

Tokenhell produces content exposure for over 5,000 crypto companies and you can be one of them too! Contact at info@tokenhell.com if you have any questions. Cryptocurrencies are highly volatile, conduct your own research before making any investment decisions. Some of the posts on this website are guest posts or paid posts that are not written by Tokenhell authors (namely Crypto Cable , Sponsored Articles and Press Release content) and the views expressed in these types of posts do not reflect the views of this website. Tokenhell is not responsible for the content, accuracy, quality, advertising, products or any other content or banners (ad space) posted on the site. Read full terms and conditions / disclaimer.