- Zunami Protocol explicitly discouraged any acquisition of zETH and UZD due to the attack on their emission.
- Reportedly, $2.1 million had been siphoned from Zunami’s Curve Pool in a price manipulation-related vulnerability.
The decentralized finance (DeFi) landscape has been rocked once again as Zunami Protocol, a prominent player in the industry, announced an attack on its “stables” pools hosted on Curve Finance.
This incident follows on the heels of Curve Finance facing a %62 Mln worth of exploits. The Curve Finance exploit involved malicious actors exploiting vulnerabilities within the release history of Curve Finance’s Vyper compiler.
On August 13, Zunami Protocol took to Twitter to confirm the alarming news. The protocol disclosed that its stablecoin pools had been targeted in an attack, and although collateral security remained intact, an investigation into the potential exploit had been initiated. In the interest of safeguarding users, Zunami Protocol explicitly discouraged any acquisition of zETH and UZD due to the attack on their emission.
Blockchain security firm PeckShield quickly identified the exploit on Curve Finance’s platform. They estimated that a staggering $2.1 million had been siphoned from Zunami’s Curve Pool in a price manipulation-related vulnerability. Another respected blockchain security firm, Ironblocks, echoed PeckShield’s estimate, highlighting the gravity of the breach.
PeckShield’s detection of the exploit on August 13 was soon validated by Zunami Protocol approximately 20 minutes later. According to Ironblock, “The attacker took flash loan from balancer, then he added liquidity so he be able to change the price significantly and started to trade in Zunami’s exchange”. “Then he removed the liquidity and changed the price, then he traded back and [returned] the flash loan and got 1,152 ETH to himself”,Ironblocks tweet reads.
This incident comes at a delicate juncture for the DeFi ecosystem, which is still grappling with the aftermath of the previous Curve Finance hack. Despite concerted efforts to contain the damage, the DeFi sector is faced with another set of vulnerabilities.
Just last week, the Solana-based decentralized exchange, Cypher, experienced losses of nearly $1 million in cryptocurrency due to a separate set of exploits. DeFi protocols are becoming increasingly vulnerable to attacks and hacking due to their open-source nature, composability, and fast-paced development.
DeFi protocols have been consistently targeted by hackers who employ various strategies to breach their security. Among these, a prevalent method is the smart contract exploit, which involves identifying vulnerabilities within the code of the DeFi protocol’s smart contract. Another notorious technique is the “rug pull.” In this scheme, hackers fabricate a counterfeit DeFi project, luring users to invest their funds under false pretenses.
The third method, frequently employed by hackers, is using flash loans. This mechanism enables attackers to borrow significant quantities of cryptocurrency without the need for any collateral. Armed with these borrowed funds, hackers can then exploit vulnerabilities within DeFi protocols, manipulating them to their advantage and ultimately absconding with ill-gotten gains.