1
Introducing Zunami Protocol - The First Decentralized Revenue Aggregator YouTube Screenshot/ Zunami Protocol Official YouTube Chanel

The liquidity pool of the decentralized finance (DeFi) platform Zunami Protocol on Curve Finance suffered from a devastating exploit of more than $2.1 million in funds, resulting in a massive fall in the price of its native stablecoin UZD to nearly 99%.

The hack was reported by blockchain security company PeckShield.

Curve Finance is still investigating the exploit that siphoned over $60 million in funds, and while it has recovered around 70% of the total stolen assets, the exploit caused a damaging impact on its reputation, triggering a massive slump in its TVL and trading volume, as well as in the value of its native token, CRV.

Zunami is a yield farming aggregator for stablecoin staking and has its "zStables" on Curve Finance, which allows the decentralized exchange of stablecoins within the Ethereum network.

PeckShield called out Zunami in a tweet Sunday, saying, "Hi @ZunamiProtocol Today's hack leads to >$2.1m loss and there are two hack txs (transactions) involved."

PeckShield also said that the attack was executed by malicious actors through price manipulation by donating to the protocol.

"It appears that zStables have encountered an attack. The collateral remains secure, we delve into the ongoing investigation," Zunami confirmed via a tweet, advising its users, "Please do not buy zETH and UZD at the moment, their emission has been attacked."

In a thread, security blockchain firm Ironblocks explained how the exploit was carried out. It said that "the attacker took flashloan from balancer" and then "added liquidity." This allowed them to "change the price significantly and started to trade in Zunami's exchange."

After that, malicious actors "removed the liquidity and changed the price" and "traded back and returned the flashloan and got 1,152 ETH to himself," which the security firm described as a "classic price manipulation."

Zunami has not yet provided any update on the supposed exploit and has not yet shared its plan on how its users can recoup the stolen funds.

It is worth noting that SlowMist founder Xian Yu uncovered the vulnerability in Zunami Protocol almost a couple of months ago.

However, when the team warned Zunami about it, the warning was reportedly met with a negative response.

"This project was attacked by price manipulation and lost more than 2.1 million US dollars. The key point is that our system detected their risk two months ago, and we informed them privately in advance. Unfortunately, it was an unpleasant communication," the SlowMist CEO said in a tweet originally in Chinese and roughly translated using X.

As of 5:45 am ET on Monday, UZD was trading down at $0.01311139 with a 24-hour trading volume of $1,202,200, representing a 98.68% decrease in the last 24 hours and a 98.78% loss over the past seven days, according to the latest data from CoinGecko.

Read more