DeFi Protocol Zunami Loses Over $2.1 Million in a Major Price Manipulation Attack
We believe in full transparency with our readers. Some of our content includes affiliate links, and we may earn a commission through these partnerships. However, this potential compensation never influences our analysis, opinions, or reviews. Our editorial content is created independently of our marketing partnerships, and our ratings are based solely on our established evaluation criteria. Read More
Ad Disclosure
We believe in full transparency with our readers. Some of our content includes affiliate links, and we may earn a commission through these partnerships. Read more
Decentralized Finance (DeFi) platform Zunami Protocol has confirmed a price manipulation attack on its “zStables” stablecoin pools on Curve Finance, causing potential losses of over $2.1 million.
The attack is the latest among the list of protocols affected by the recent vulnerability in the popular DeFi platform Curve Finance, which drained funds from a number of the protocol’s liquidity pools, exposing $100+ million worth of cryptocurrencies.
It appears that zStables have encountered an attack. The collateral remain secure, we delve into the ongoing investigation.
— Zunami Protocol (@ZunamiProtocol) August 13, 2023
The hacker in the Zunami Protocol’s exploit apparently took flash loan from balancer, blockchain security firm Ironblocks noted. The attacker, then added liquidity to change the price massively and started trading in Zunami’s exchange.
2. then he added liquidity so he will be able to change the price significantly and started to trade in zunami's exchange pic.twitter.com/YNOTHlDd3Q
— Ironblocks (@Ironblocks_) August 14, 2023
Ironblocks wrote in a Tweet that the liquidity was later removed, which changed the price and finally traded back and returned the flash loan to get 1,1152 ETH.
Fellow blockchain security platform PeckShield was quick to report the attack on Twitter, which immediately notified Zunami Protocol to take “necessary actions.”
Hi @zunamiprotocol, we have detected an ongoing attack. Users are strongly suggested to take necessary actions.
— PeckShield Inc. (@peckshield) August 13, 2023
Here is the encrypted hash: 2638ae2969ce932d61c3ca66f9b8a4a6c01c4d89bb2b34ddcf2c4145960f41c4. Actual hash will be released once the situation is stable.
The attack netted the bad actor more than $2.1 million, carried out via price manipulation, “which can be exploited by donation to incorrectly calculate the price,” PeckShield wrote in a Tweet.
Hi @ZunamiProtocol Today's hack leads to >$2.1m loss and there are two hack txs involved:
— PeckShield Inc. (@peckshield) August 14, 2023
– tx1: https://t.co/jsOmPT62mk
– tx2: https://t.co/u7YOvoS0R9
It is a price manipulation issue, which can be exploited by donation to incorrectly calculate the price as shown in the… https://t.co/yqwMVy0pCA pic.twitter.com/OfrDni7KtE
PeckShield also noted that the stolen funds were sent to coin mixer Tornado Cash, which obscures the transaction path. This further complicates the efforts to track and recover the stolen funds.
Curve Finance platform is still struggling to recover millions of dollars lost in an exploit and recently announced a bounty of $1.85 million to anyone who can identify the attacker.
Zunami Warns Users to Refrain From Buying Stablecoins
Following PeckShield’s warning, Zunami confirmed the attack and said that the “collateral remain secure.” The protocol instructed its users to refrain from buying either of the affected tokens – Zunami Ether (zETH) or Zunami USD (UZD) stablecoins – warning that the exploit is still being fixed.
Please do not buy zETH and UZD at the moment, their emission has been attacked.
— Zunami Protocol (@ZunamiProtocol) August 14, 2023
Soon after the confirmation of attack from Zunami, both the affected tokens plummeted sharply. UZD dropped 99% to nearly $0, losing its peg, while zETH fell by 89% to a low of $206. UZD is currently trading at $0.0118 at press time, according to CoinGecko.
Zunami Protocol, a yield farming aggregator for stablecoin staking, has been promising the highest Annual Percentage Yield (APY) as a decentralized autonomous organization (DAO), with $5 million in Total Value Locked, according to its website.
Zunami also promised users to diversify their stablecoin portfolio while avoiding any crashing risk. The price manipulation risk, however, has put a massive dent in Zunami’s reputation.
SlowMist Reportedly Warned Zunami
Xian Yu, founder of blockchain security platform SlowMist, said that their firm had identified the attack nearly two months before. The Zunami Protocol apparently received warnings from SlowMist, albeit unnoticed until the breach.
🙂这个项目被价格操纵攻击,损失超 210 万美金。关键点是,两个月前我们系统就扫到他们这个风险,提前就私下告知他们了,可惜那是一次不愉快的沟通…
— Cos(余弦)😶🌫️ (@evilcos) August 14, 2023
现在看来,也许他们是可以避免的。 https://t.co/w4cPUVviZl
Yu said that despite repeated warnings sent to the Protocol, “it was an unpleasant communication.”
The decentralized nature of the DeFi ecosystem makes it a lucrative target for attackers, stressing on the importance of high security measures and timey actions on such vulnerabilities.
- Trump Appoints PayPal Veteran David Sacks as ‘White House AI and Crypto Czar’
- What’s Happening in Crypto Today? Daily Crypto News Digest
- Trader Explains Why XRP Could Skyrocket to $100 After Tristan Tate X Post
- US SEC Scales Back 50-Member Crypto Enforcement Team: Report
- Michael Saylor Teases “Big Strategy Day,” Crypto Community Reacts






