The Decentralized Finance (DeFi) platform, Zunami Protocol, has acknowledged a price manipulation assault on its “zStables” stablecoin pools, which are part of Curve Finance. This incident may have resulted in a loss exceeding $2.1 million.
This breach is merely the latest to be added to a growing list of platforms compromised due to a recent vulnerability detected in the renowned DeFi platform, Curve Finance. This flaw allowed significant withdrawals from several of its liquidity pools, putting at risk cryptocurrencies worth more than $100 million.
According to the blockchain security firm Ironblocks, the malicious actor behind Zunami Protocol’s breach apparently utilized a flash loan from Balancer. Subsequently, the hacker provided liquidity in a manner that drastically altered the price and proceeded to conduct transactions within Zunami’s exchange.
Ironblocks highlighted in a tweet that after the liquidity manipulation, the malefactor traded back, adjusted the price again, and returned the flash loan, managing to profit 1,1152 ETH in the process.
PeckShield, another blockchain security entity, promptly reported the assault on Twitter, subsequently alerting Zunami Protocol to undertake “urgent measures.”
The attacker successfully profited over $2.1 million from this incursion, having manipulated the price to exploit a miscalculation in price determination, as mentioned by PeckShield in their tweet.
Furthermore, PeckShield observed that the ill-gotten gains were transferred to the coin mixer Tornado Cash. This service muddles the transaction trails, making it increasingly challenging to trace and recuperate the purloined assets.
Meanwhile, the Curve Finance platform continues its battle to reclaim millions lost due to similar breaches and recently posted a bounty reward of $1.85 million for any individual able to pinpoint the culprit.
Zunami Warns Users to Refrain From Buying Stablecoins
Upon receiving PeckShield’s alert, Zunami acknowledged the security breach but was quick to assure that the “collateral remains safe.” They directed their user base to avoid purchasing the impacted tokens – Zunami Ether (zETH) and Zunami USD (UZD) stablecoins – emphasizing that the underlying vulnerability was still in the process of being addressed.
Following Zunami’s official acknowledgment of the attack, the value of both affected tokens saw a drastic decline. UZD’s value crashed by 99%, practically rendering it worthless, while zETH experienced an 89% drop, touching a low of $206. As per recent data from CoinGecko, UZD’s trading price stands at $0.0118.
Specializing as a yield farming aggregator tailored for stablecoin staking, Zunami Protocol had been projecting the highest Annual Percentage Yield (APY) within the decentralized autonomous organization (DAO) domain. Their website cites a Total Value Locked (TVL) of $5 million.
Zunami has consistently communicated its aim to offer users an avenue to diversify their stablecoin investments while shielding them from potential crashes. Yet, this recent price manipulation incident has severely tarnished Zunami’s credibility in the eyes of many.
SlowMist Reportedly Warned Zunami
Xian Yu, the brains behind the blockchain security firm SlowMist, revealed that their team had detected the potential attack almost two months prior. According to Yu, SlowMist had alerted Zunami Protocol multiple times, but their warnings seemingly went unheeded until the actual breach occurred.
Yu expressed his frustration, noting that despite their persistent attempts to communicate the risks, their interactions with the Protocol were far from productive.
The inherent decentralized design of the DeFi landscape makes it an enticing playground for malicious entities, emphasizing the critical need for robust security protocols and prompt responsiveness to identified vulnerabilities.
