Zunami Protocol’s Post Mortem Reveals Flash Loan Attack Details
In a recent incident, the Zunami Protocol fell victim to a flash loan attack on August 13, 2023, resulting in a significant loss of 1,178 ETH, valued at approximately $2.16 million. The complex attack involved manipulating the price of StakeDAO (SDT) on Sushiswap, effectively disrupting the balance of UZD, Zunami’s stable token. The protocol released a Post Mortem of what happened exactly.
1/ Post Mortem – zStables Exploits.
TL;DR. During the night of August 13-14, Zunami was attacked, with over 2 million stolen from zStable Curve Pools.
Omnipool collateral is safe and will be distributed to holders prior to the hack.
Zunami V2, with fixes and audit, coming soon.
— Zunami Protocol (@ZunamiProtocol) August 15, 2023
According to the post mortem, the attackers also employed flash loans, a technique that allowed them to rapidly inflate the prices of SDT and CRV tokens. This manipulation enabled the exploitation of UZD and zETH emissions, allowing the attackers to drain liquidity from the UZD/FRAXBP and zETH/frxETH pairs.
The Zunami Protocol team, the brains behind the affected DeFi platform, took to their official communication channels to address the incident. In a statement, they acknowledged the attack and confirmed that the loss exceeded $2 million.
In a bid to regain the trust of their community, the protocol outlined their plans for the future. The team intends to implement necessary fixes, update both the omnipools and zStables, and undergo a thorough audit with a reputable third-party company for the upcoming zStables V2 release. They also made it clear that they would fully reimburse the zStables collateral to the affected holders.
As part of their recovery efforts, the Zunami Protocol team also assured the community that the UZD and zETH collateral would be distributed to the holders shortly before the hack occurred. They emphasized their commitment to providing equal compensation to all affected participants, regardless of their involvement in liquidity pools or their wallet addresses.
In the aftermath of the breach, the Zunami Protocol team is actively calculating balances and preparing to release detailed data related to the attack. They have also outlined their plans to provide collateral in USDT, USDC, and DAI to the affected users, within the next one to two weeks. However, users are advised that they will need to initiate the claim process themselves through the contract.