$2.1M Exploit Exposes Vulnerabilities in Zunami

DeFi yield aggregator Zunami Protocol recently found itself in the crosshairs of a malicious exploit, causing potential losses exceeding $2.1 million. 

Security firm PeckShield unveiled the breach, shedding light on the gravity of the situation on August 13th, precisely at 10:47 UTC.

Later, Zunami stepped forward and confirmed the unsettling discovery and assured users that the collateral remained intact.

The incident revolved around two pivotal transactions, setting off a flurry of concerns, according to Peckshield. The exploit took a direct aim at Zunami's "zStables" stablecoin pools, and as the dust began to settle, PeckShield estimated a hefty sum of over $2.1 million had been siphoned off from Zunami's Curve Pool.

An adjustment vulnerability allowed the perpetrators to execute this daring heist. Adding a twist, the stolen funds were subjected to a laundering process through Tornado Cash, a mixing service synonymous with the world of cryptocurrencies.

‍

Zunami Was Made Aware of Vulnerability Before Attack

Xian Yu, founder of SlowMist, disclosed an intriguing detail: their team had identified the vulnerability nearly two months prior. The exploit, rooted in price manipulation tactics, had been staring the Zunami Protocol in the face, albeit unnoticed until the breach.

The communication with Zunami protocol about the warning was met with an unpleasant response, according to Xian Yu, leaving a lasting impression of what could have been done better. 

Crypto hacking incidents have been taking the limelight recently. Last month Curve Finance was hacked for $24 million, which rattled the whole DeFi space. Another crypto payment provider, CoinsPaid, lost $37 million to hackers in late July.