In a recent turn of events, the Decentralized Finance (DeFi) platform Zunami Protocol has confirmed an attack involving price manipulation. The assault on its stablecoin pools, known as ‘zStables’ on Curve Finance, has led to potential losses exceeding $2.1 million. This cyber-offensive is a stark addition to the protocols reeling from Curve Finance’s recent vulnerability, that resulted in drained liquidity pools, and the exposure of over $100 million in crypto assets.
The suspected participants behind the exploit reportedly borrowed a flash loan from a balancer – a detail discovered by blockchain security firm Ironblocks. The loan was supposedly used to significantly alter the price, prompting trading on Zunami’s exchange. Herein, lies the intrigue. The liquidity added was removed post-trade, thus revoking the price alteration and creating an opportunity to repay the flash loan, evidently netting 1,1152 ETH.
Upon realizing the attack, fellow security platform PeckShield reported the situation on Twitter, alerting Zunami of the need for prompt action. This immediate action was of paramount importance, as the onslaught resulted in stolen funds exceeding $2.1 million, carried out through a pricing exploit. PeckShield further observed that the looted proceeds were sent to coin mixer Tornado Cash, complicating efforts to track and recover this vast sum.
In the wake of this breach, Zunami promptly advised its users to desist from purchasing its affected stablecoins – Zunami Ether (zETH) and Zunami USD (UZD). In the meantime, they set to work repairing the exploit. Despite this warning, however, the value of the impacted tokens nose-dived, with UZD dropping 99% to nearly $0, jettisoning its peg, while zETH decreased by 89% to a mere $206.
Beyond the immediate financial loss, these occurrences have a profound effect on Zunami Protocol’s standing. As a yield farming aggregator offering customers the highest Annual Percentage Yield (APY), Zunami purports to diversify user’s stablecoin portfolio, with claims of nullifying crashing risks. It is worth mentioning that these allegations are now laden with skepticism, given recent events.
Notably, the founder of blockchain security platform SlowMist, Xian Yu, has indicated that they identified the attack on Zunami nearly two months ago. Despite numerous warnings supposedly sent to the Protocol, these cautions were unfortunately ignored.
The recent attack on Zunami Protocol underscores the vulnerable nature of the DeFi ecosystem, and the lucrative target it presents to potential hijackers. It certainly emphasises the absolute necessity of stringent security measures and immediate responses to vulnerabilities such as this incident. The challenge for DeFi platforms such as Zunami now is to rebuild their tarnished reputation while working relentlessly to ensure similar security breaches are not repeated in the future.
Source: Cryptonews