Decentralized finance protocol Zunami Protocol has advised users not to buy any of its Zunami Ether (zETH) or Zunami USD (UZD) stablecoins, after encountering an attack on its “zStables” pools on Curve Finance.
On Aug. 13, Zunami confirmed on X (Twitter) that its stablecoin pools had encountered an attack, adding that collateral remains secure as it begins an investigation into the potential exploit.
Please do not buy zETH and UZD at the moment, their emission has been attacked.
— Zunami Protocol (@ZunamiProtocol) August 14, 2023
Blockchain security firm PeckShield estimates over $2.1 million was stolen from Zumani’s Curve Pool, pegging the exploit to a price manipulation issue. Fellow blockchain security firm Ironblocks arrived at a similar figure.
Hi @ZunamiProtocol Today's hack leads to >$2.1m loss and there are two hack txs involved:
– tx1: https://t.co/jsOmPT62mk
– tx2: https://t.co/u7YOvoS0R9
It is a price manipulation issue, which can be exploited by donation to incorrectly calculate the price as shown in the… https://t.co/yqwMVy0pCA pic.twitter.com/OfrDni7KtE
— PeckShield Inc. (@peckshield) August 14, 2023
PeckShield was one of the first to detect the exploit on Curve on Aug. 13 at 10:47 UTC, which was confirmed by Zunami about 20 minutes later.
Related: Curve Finance vows to reimburse users after $62M hack
Zunami is a decentralized revenue aggregator protocol that allows users to stake stablecoins for yield, with its largest stable pools situated on Curve. The attack has impacted the Zunami USD stablecoin, and Zunami Ether.
Zunami’s zETH and UZD Curve pools have been flagged with red exclamation marks on Curve. Source: Curve Finance
Cointelegraph reached out to Zunami for comment but did not receive an immediate response.
Update (Aug. 14, 2:09 am UTC): This article has been updated to include the latest tweet from Zunami Protocol asking users not to buy UZD or zETH.
Magazine: $3.4B of Bitcoin in a popcorn tin — The Silk Road hacker’s story