On August 13th, the decentralized finance (DeFi) ecosystem witnessed another distressing incident as Zunami Protocol fell victim to a malicious attack.
The exploit, orchestrated by bad actors, resulted in an estimated loss of $2.1 million. This article delves into the details of the attack, shedding light on the vulnerabilities exploited by the perpetrators and the aftermath faced by the Zunami Protocol.
Zunami Protocol, a prominent player in the DeFi space known for its role as a decentralized revenue aggregator, faced a critical breach.
Enabling users to stake stablecoins for yield, Zunami Protocol became the latest entrant in the unfortunate roster of platforms affected by an exploit targeting Curve pools.
This attack underlines the interconnectedness and shared challenges faced by various protocols within the DeFi landscape.
The exploit came to light through the diligent efforts of blockchain security firm PeckShield, which detected the attack and promptly alerted Zunami Protocol.
The malicious actors successfully manipulated prices through a cunning technique, taking advantage of the protocol’s dynamics.
The exploit involved a sequence of steps, with a flash loan provided by Zunami marking the start. The perpetrator strategically added liquidity and conducted trades at inflated prices.
Subsequently, the borrowed funds were returned, allowing the attacker to reap substantial profits, totaling $2 million.
The consequences of the exploit were felt keenly in Zunami Protocol’s zStables pools on Curve Finance, leading to price manipulation of Zunami Ether (zETH) and Zunami USD (UZD). The latter stablecoin saw its value significantly deviate from its peg.
While the collateral backing UZD remains secure, Zunami Protocol issued a cautionary notice to users, advising against purchasing the affected tokens.
Despite the assurance of collateral safety, concerns arose due to the revelation that one of the collateral holders is Curve, raising uncertainties about the long-term viability of the reserves.