Zunami Protocol, a rising player in the decentralized finance (DeFi) landscape, has become the latest victim of a significant security breach. On Sunday, the DeFi platform confirmed that its liquidity pool on Curve Finance had been targeted by attackers, resulting in a substantial loss exceeding $2 million.
Renowned for its role as a yield farming aggregator for stablecoin staking, the protocol suffered a major setback as its primary “zStables” pool on Curve Finance became the focal point of the attack. This pool facilitates the decentralized exchange (DEX) of stablecoins within the Ethereum network.
In the aftermath of the breach, Zunami Protocol issued a warning to its users, advising against the purchase of its Zunami Ether (zETH) or Zunami USD (UZD) stablecoins.
This incident sheds light on the ongoing vulnerability of DeFi projects and the challenges they face in ensuring robust security measures.
Please do not buy zETH and UZD at the moment, their emission has been attacked.
— Zunami Protocol (@ZunamiProtocol) August 14, 2023
Zunami Attack Targets Curve Finance Liquidity Pool
Blockchain security experts PeckShield and Ironblocks weighed in on the situation, both estimating the loss to be in excess of $2.1 million. The attack exploited a price manipulation vulnerability, allowing the attacker to manipulate prices significantly to their advantage.
This latest incident underscores the persistent challenges that DeFi platforms face in safeguarding their users’ funds and maintaining the integrity of their ecosystems.
Hi @ZunamiProtocol Today’s hack leads to >$2.1m loss and there are two hack txs involved:
– tx1: https://t.co/jsOmPT62mk
– tx2: https://t.co/u7YOvoS0R9It is a price manipulation issue, which can be exploited by donation to incorrectly calculate the price as shown in the… https://t.co/yqwMVy0pCA pic.twitter.com/OfrDni7KtE
— PeckShield Inc. (@peckshield) August 14, 2023
Operated as a decentralized autonomous organization (DAO), Zunami Protocol had been lauded for its promise of offering the “highest APY on the market.” The platform boasted a significant total value locked of $5 million, reflecting the growing interest in DeFi solutions.
Zunami Protocol’s cross-chain functionality aimed to provide users with the means to diversify their stablecoin portfolios and mitigate the risk associated with the potential crash of any single stablecoin.
Total cryptocurrency market reached $1.15 trillion today. Chart: TradingView.com
Familiar Occurrence
The attack itself followed a familiar pattern for those well-versed in blockchain security. Ironblocks explained that the attacker utilized a flash loan from Balancer to manipulate the price significantly within Zunami’s exchange. By adding and subsequently removing liquidity, the attacker was able to profit from the altered price, ultimately walking away with 1,152 ETH.
The incident highlights the evolving and complex nature of DeFi security, indicating that even projects like Zunami Protocol with substantial value locked and ambitious promises are not immune to attacks.
As the DeFi landscape continues to expand, the importance of continuous security audits, improved code review processes, and proactive measures to address vulnerabilities becomes more evident than ever. Users and stakeholders must remain cautious, underscoring the significance of due diligence in navigating the ever-changing DeFi ecosystem.
Featured image from MyCryptoWallet