Zunami Loses Over $2 Million in Price Attack

  • DeFi protocol Zunami has suffered a price manipulation attack that cost it over $2 million, according to blockchain security firm PeckShield
  • The attack took place on the protocol’s liquidity pools on Curve Finance
  • The attacker targeted Zunami’s stablecoin pools 

Malicious actors continue to exploit weaknesses in DeFi platforms, with Zunami Protocol among the latest victims after losing over $2 million in a price manipulation scheme. According to blockchain intelligence firms PeckShield and Ironblocks, the attacker targeted the protocol’s stablecoin pools on Curve Finance, which itself recently lost over $60 million in a hack. Zunami has acknowledged the attack and warned its users against interacting with its ETH pool or zETH.

Deposit and Withdraw Process Nets Attacker Over 1,150 ETH

According to an investigation by Ironblocks, the malicious actor took a loan on Balancer and used the funds to add liquidity on Zunami, which jolted the price upwards. He later withdrew his funds to repay the loan, crashing the price in the process.

The price manipulation scheme netted him over 1,150 ETH after repaying the loan. PeckShield reached a similar conclusion and revealed the two transactions involved, adding that the transactions were meant to make the protocol “incorrectly calculate the price.”

 

Zunami has, however, disclosed that “the collateral remains secure,” noting that it has started investigating the incident, which caused the price of its UZD and zETH tokens to tumble by between 88% and 99%.

No Deal, Yet

The attacker has already moved the funds through the coin mixing service Tornado Cash, which suggests they intend to keep the illicit funds. Zunami is yet to announce whether it will engage the attacker to strike a deal, which has been a growing trend in the web3 world.

Curve Finance, for example, partnered with other Vyper attack victims to offer a $7 million bug bounty, a move that saw the platforms recover over 75% of the stolen funds. Curve Finance recently promised to reimburse all affected users.

Because the Zunami attacker has already washed the funds through Tornado Cash, the chances of the DeFi protocol recovering them are lower.

 
