Zunami may be the latest victim of a flash loan attack, a scheme that has gradually become the bane of existence for many DeFi protocols.
Decentralized finance protocol Zunami Protocol has confirmed to its clients that there has been an attack on its “zStables” pools on Curve Finance. Sharing the news on Twitter, Zunami assured clients that its collateral remains intact. However, the protocol also warned clients to avoid buying any of its Zunami Ether (zETH) or Zunami USD (UZD) stablecoins while it investigates the matter.
Meanwhile, blockchain security firm PeckShield has tied the exploit to price manipulation by attackers. And by its estimates, the attackers carted away no less than $2.1 million from Zunami’s Curve Pool. For what it’s worth, another blockchain security outfit Ironblocks has also estimated Zunami’s loss, pegging it at similar figures to that of PeckShield.
It might be worth mentioning that Zunami protocol did not catch wind of the attack until about 20 minutes after PeckShield discovered the exploit on Curve. Zunami later confirmed the attack on August 13, at around 11:07 UTC.
Zunami Protocol Falls Victim to Flash Loan Attack
By all means, Zunami may be the latest victim of a flash loan attack, a scheme that has gradually become the bane of existence for many DeFi protocols. According to Ironblocks, “the attacker took [a] flash loan from [the] balancer, then he added liquidity so he [would] be able to change the price significantly and started to trade in Zunami’s exchange.”
The attacker then removed the liquidity and changed the price, before trading back and returning the flash loan. In the end, the attacker made 1,152 ETH to himself in what was a classic case of price manipulation, claims Ironblocks.
Meanwhile, the attack immediately impacted the prices of both the Zunami USD stablecoin (UZD) and Zunami Ether (zEth). This follows after both plummeted shortly after the hack. UZD is the most impacted and has already lost over 99% of its value. zEth is also currently down 88% to $206.
Curve Finance, on the other hand, has also been having a very turbulent run recently. It has been hit by multiple attacks, losing as much as $19 million to a single hacker. As Coinspeaker earlier reported, however, there is still a $1.8 million bounty for information about the yet-to-be-identified hacker.