DeFi yield aggregator Zunami Protocol has been hit with an exploit that may have led to losses of over $2.1 million, according to security firm PeckShield.
PeckShield tweeted on Monday morning in Asia that it had detected an ongoing attack involving two key transactions. PeckShield added that the stolen funds had been washed via mixing service Tornado Cash.
“Please do not buy zETH and UZD at the moment. [Their] emission has been attacked,” Zunami said.
Zunami did not immediately respond to The Block’s request for comment.
Price manipulation attack
PeckShield said in its tweet that the hack was a price manipulation issue, which could be “exploited by donation to incorrectly calculate the price as shown in the following figures.”
Xian Yu, founder of blockchain security firm SlowMist, tweeted today that their firm had identified the vulnerability two months ago.
“This project fell victim to price manipulation attacks, resulting in a loss of over $2.1 million. The key point is, our system detected this risk two months ago, and we informed them privately in advance,” said Yu, also known as Cos. “Unfortunately, that communication was an unpleasant experience... In hindsight, it appears that this could have been avoided.”
© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.