Zunami Protocol has sounded the alarm bells after its “zStables” pools on Curve Finance were subjected to a relentless assault. The protocol has issued a stern warning to its users, urging them to exercise caution and refrain from purchasing any of its Zunami Ether (zETH) or Zunami USD (UZD) stablecoins.
On August 13, Zunami Protocol took to Twitter to announce the disturbing news, revealing that its stablecoin pools had fallen victim to an attack. Despite the unsettling situation, the protocol was quick to reassure its users that the collateral underlying these assets remains secure. As the investigation into the attack continues, Zunami Protocol has vowed to delve deep into the matter to uncover the underlying vulnerabilities that led to this incident.
It appears that zStables have encountered an attack. The collateral remain secure, we delve into the ongoing investigation.
— Zunami Protocol (@ZunamiProtocol) August 13, 2023
“It appears that zStables have encountered an attack. The collateral remains secure, as we delve into the ongoing investigation,” the protocol stated in its tweet.
Blockchain security experts, including PeckShield and Ironblocks, wasted no time in analyzing the situation. According to PeckShield’s assessment, over $2.1 million worth of assets were pilfered from Zunami’s Curve Pool as a result of what appears to be pricing manipulation. Ironblocks concurred with this estimation, further cementing the gravity of the situation.
PeckShield, a reputable name in the blockchain security realm, was among the first to identify the vulnerability on Curve Finance on August 13 at 10:47 UTC. Approximately 20 minutes later, Zunami Protocol corroborated PeckShield’s findings. This swift response underscores the importance of vigilance and collaboration within the DeFi community in combating threats and breaches.
At the heart of this incident lies the fact that the largest Zunami stable pools are hosted on Curve Finance, a platform renowned for its decentralized income aggregation capabilities. The attack has cast a shadow not only over Zunami USD but also over Zunami Ether, underscoring the far-reaching implications of such breaches.
It is worth noting that PeckShield had earlier unearthed flaws on August 9 that could potentially compromise other DeFi projects. Notably, they identified an instance of a reentrancy attack on Aave’s Earning Farm, resulting in the theft of at least $287,000 worth of Ether. This form of attack involves submitting and canceling requests for funds repeatedly to deceive the system into disbursing more funds than it actually possesses.
Hi @ZunamiProtocol Today’s hack leads to >$2.1m loss and there are two hack txs involved:
– tx1: https://t.co/jsOmPT62mk
– tx2: https://t.co/u7YOvoS0R9It is a price manipulation issue, which can be exploited by donation to incorrectly calculate the price as shown in the… https://t.co/yqwMVy0pCA pic.twitter.com/OfrDni7KtE
— PeckShield Inc. (@peckshield) August 14, 2023
As the DeFi ecosystem continues to flourish and evolve, the Zunami Protocol incident serves as a stark reminder of the risks and challenges that participants in this space face. While Zunami’s reassurance regarding the safety of collateral is a positive step, the incident underscores the need for continuous vigilance, rigorous security audits, and prompt response mechanisms within the DeFi sector.
Read more:
- Curve Finance Offers $1.85 Million Bounty To Unmask Attacker Of DeFi Stable Pool
- Curve Finance Hacker Returns All Stolen Funds To Alchemix
- Hacker Wintermute Controls Over 51% Liquidity In Curve’s 3pool