Decentralized Finance (DeFi) platform Zunami Protocol has confirmed a price manipulation attack on its “zStables” stablecoin pools on Curve Finance, causing potential losses of over $2.1 million.
The attack is the latest among the list of protocols affected by the recent vulnerability in the popular DeFi platform Curve Finance, which drained funds from a number of the protocol’s liquidity pools, exposing $100+ million worth of cryptocurrencies.
The hacker in the Zunami Protocol’s exploit apparently took flash loan from balancer, blockchain security firm Ironblocks noted. The attacker, then added liquidity to change the price massively and started trading in Zunami’s exchange.
Ironblocks wrote in a Tweet that the liquidity was later removed, which changed the price and finally traded back and returned the flash loan to get 1,1152 ETH.
Fellow blockchain security platform PeckShield was quick to report the attack on Twitter, which immediately notified Zunami Protocol to take “necessary actions.”
The attack netted the bad actor more than $2.1 million, carried out via price manipulation, “which can be exploited by donation to incorrectly calculate the price,” PeckShield wrote in a Tweet.
PeckShield also noted that the stolen funds were sent to coin mixer Tornado Cash, which obscures the transaction path. This further complicates the efforts to track and recover the stolen funds.
Curve Finance platform is still struggling to recover millions of dollars lost in an exploit and recently announced a bounty of $1.85 million to anyone who can identify the attacker.
Following PeckShield’s warning, Zunami confirmed the attack and said that the “collateral remain secure.” The protocol instructed its users to refrain from buying either of the
Read more on cryptonews.com