Decentralized finance protocol Zunami Protocol has confirmed it has encountered an attack on its “zStables” pool on Curve Finance.
Blockchain security firm PeckShield estimates over $2.1 million was stolen from Zumani’s Curve Pool on Aug. 13, pegging the exploit to a price manipulation issue. Fellow blockchain security firm Ironblocks arrived at a similar figure.
Hi @ZunamiProtocol Today's hack leads to >$2.1m loss and there are two hack txs involved:
– tx1: https://t.co/jsOmPT62mk
– tx2: https://t.co/u7YOvoS0R9
It is a price manipulation issue, which can be exploited by donation to incorrectly calculate the price as shown in the… https://t.co/yqwMVy0pCA pic.twitter.com/OfrDni7KtE— PeckShield Inc. (@peckshield) August 14, 2023
PeckShield detected the exploit on Curve on Aug. 13 at 10:47 UTC, which was confirmed by Zunami about 20 minutes later.
Zunami said that collateral in the Curve pools remain secure and that the issue is now under investigation.
It appears that zStables have encountered an attack. The collateral remain secure, we delve into the ongoing investigation.
— Zunami Protocol (@ZunamiProtocol) August 13, 2023
It is currently believed a flash loan price manipulation attack may have impacted Zunami's zETH and UZD.
Related: Curve Finance vows to reimburse users after $62M hack
Zunami is a decentralized revenue aggregator protocol that allows users to stake stablecoins for yield, with its largest stable pools situated on Curve.
Cointelegraph reached out to Zunami for comment but did not receive an immediate response.
Magazine: $3.4B of Bitcoin in a popcorn tin — The Silk Road hacker’s story
This is a developing story, and further information will be added as it becomes available.