DeFi Aggregator Zunami Protocol Suffers $1.2M Exploit in Price Manipulation Attack

DeFi Aggregator Zunami Protocol Suffers $1.2M Exploit in Price Manipulation Attack
Table of Contents

According to blockchain security firm PeckShield, Zunami Protocol, a decentralized yield farming aggregator for stablecoin staking, fell victim to a price manipulation attack, resulting in losses of over $2.1 million.

On August 14, PeckShield took to X to reveal that Zunami Protocol encountered an attack in its stablecoin pools on Curve Finance that led to losses of over $2.1 million. The security firm blamed the exploit on a price manipulation issue, adding the stolen funds had been washed via US-sanctioned mixing service Tornado Cash. PeckShield wrote,

“It is a price manipulation issue, which can be exploited by donation to incorrectly calculate the price.”

Zunami Protocol Falls Victim to a DeFi Attack

Following PeckShield’s warning, Zunami Protocol confirmed that attack, stating the collateral remained secure and the team has started to investigate. The decentralized finance (DeFi) protocol wrote,

“It appears that zStables have encountered an attack. Please do not buy zETH and UZD at the moment. [Their] emission has been attacked.”

The hack was also reported by fellow blockchain security firm Ironblocks, explaining, the attacker took a flash loan from the balancer, then added liquidity so he would be able to change the price significantly and started to trade in Zunami’s exchange.

Following this, the attacker then removed the liquidity and changed the price, trading back, and returned the flash loan netting 1,152 ETH. Ironblocks, further, labeled the hack as “Classic price manipulation.” 

Could the Attack have been Avoided?

Adding to speculations, Xian Yu, founder of blockchain security firm SlowMist, highlighted on X that their firm had identified the vulnerability two months ago and informed the Zunami Protocol, and emphasized the attack could have been avoided,

“This project was attacked by price manipulation and lost more than 2.1 million US dollars. The key point is that our system detected their risk two months ago, and we informed them privately in advance. Unfortunately, it was an unpleasant communication… It now appears that perhaps they were avoidable”

Zunami Protocol managed as a decentralized autonomous organization (DAO), is a yield farming aggregator for stablecoin staking, and maintained its primary “zStables” pool on Curve, which enables the decentralized exchange (DEX) of stablecoins within Ethereum (ETH). The protocol had promised the highest APY on the market and touted a $5 million total value locked on its website.

DeFi Remains Vulnerable to Hackers

DeFi Remains Vulnerable to Hackers, just as Zunami Protocol

Cryptocurrency hacks, network exploits, price manipulation attacks including several other nefarious ways have continued plaguing the digital assets ecosystem for a very long time, especially DeFi. Decentralized protocols were the primary targets of these hackers, accounting for over 80% of all cryptocurrency stolen in 2022. 

Last week, Cypher Protocol, a decentralized futures exchange operating on the Solana (SOL) blockchain, suffered a security breach on Monday, resulting in an estimated loss of around $1 million.

Although the stolen amount has witnessed a sharp plunge this year compared to the previous year, blockchain security audit firm CertiK revealed crypto traders have already lost a stomach-churning $303 million worth of digital assets in cryptocurrency exploits and attacks in July, making it the worst month this year so far in terms of stolen value.


Follow us on Social Networks

Crypto Tutorials

Crypto Reviews