Zunami Protocol Breached for $2.1 Million
Full Details of the Crime
What’s in today’s crime cooler:
Summary of What Happened
What is the Impact on Users, Businesses, and Funds
How to be More Secure in the Future
Final Thoughts
Summary of What Happened
Zunami Protocol, a growing DeFi (decentralized finance) platform, has become the victim of a security breach. The platform announced that its liquidity pool on Curve Finance had been attacked, resulting in a loss of $2.1 million.
This was confirmed as a price manipulation attack on their “zStables” stablecoin pools on Curve Finance.
Here is a rundown of how the attack happened:
1. Borrowing Money (Flash Loan):
The attacker started by taking a "flash loan." This is a special kind of loan where you can borrow a lot of digital money, but you have to pay it back really quickly (in the same transaction).
For this attack, the bad guy borrowed this money from a place called "Balancer," which is another DeFi platform.
2. Adding Liquidity and Changing Prices:
With the borrowed money, the attacker then went to Zunami’s pools (which are like special parts of the piggy bank where people’s money is mixed together).
They put a large amount of this borrowed money into the pool. This is called "adding liquidity."
By adding a lot of money suddenly, they were able to change the prices of the coins in the pool. This is called "price manipulation." It’s like suddenly pouring a lot of apple juice into a mix of apple and orange juice, so now it’s mostly apple juice.
3. Making Profitable Trades:
While the prices were manipulated (or skewed), the attacker traded their other coins for the coins in the Zunami pool. Because the prices were skewed in their favor, they got a lot more valuable coins than they should have.
It’s like exchanging a small bag of apples for a big bag of oranges, because the system was tricked into thinking apples were super valuable for a moment.
4. Removing Liquidity and Resetting Prices:
After making these profitable trades, the attacker quickly took the borrowed money back out of the Zunami pool. This is called "removing liquidity."
When they did this, the prices in the pool went back to normal (because the extra apple juice was taken out of the mix).
5. Paying Back the Flash Loan:
After getting the valuable coins from Zunami, the attacker then returned the borrowed money to Balancer, paying off the flash loan.
This is a crucial step because flash loans have to be paid back super quickly, or the whole transaction is cancelled.
6. Hiding the Stolen Funds:
With the valuable coins they unfairly got from Zunami, the attacker didn’t want to be caught. So, they sent these coins to a service called "Tornado Cash."
Tornado Cash is like a magic tornado that mixes up the paths of coins so it’s hard to see where they came from and where they went. It’s a way of hiding the tracks of the stolen money.
7. The Result:
At the end of this sneaky process, the attacker had a lot of valuable coins (over $2.1 million worth), and Zunami’s pools were left in a mess, with other people’s coins now worth a lot less.
This kind of attack is often called a “price manipulation attack” combined with a “flash loan attack” because it involves quickly borrowing money and manipulating prices to make a profit, all in a very short amount of time.
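The price skew from steps 2 to 4 and one common defence against it, as an added example that is not from the original newsletter and is not Zunami or Curve code. It assumes a toy constant-product pool (Curve pools use a different formula); `ToyPool`, `price_is_trustworthy` and the 2% threshold are hypothetical names and values chosen for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class ToyPool:
    """Constructed two-token pool; reserves are sample values, not real data."""
    x: float  # reserve of token A
    y: float  # reserve of token B
    history: list = field(default_factory=list)  # closing prices of earlier blocks

    def spot_price(self) -> float:
        """Instantaneous price of A in units of B, read from current reserves."""
        return self.y / self.x

    def end_block(self) -> None:
        """Record the closing price so later blocks can compare against it."""
        self.history.append(self.spot_price())

    def reference_price(self) -> float:
        """Average of earlier blocks' prices (a simple time-weighted average)."""
        return sum(self.history) / len(self.history)

    def swap_a_for_b(self, amount_a: float) -> float:
        """Sell A into the pool, keeping x * y constant (no fee in this toy)."""
        k = self.x * self.y
        self.x += amount_a
        out = self.y - k / self.x
        self.y -= out
        return out


def price_is_trustworthy(pool: ToyPool, max_deviation: float = 0.02) -> bool:
    """Guard: refuse to value assets off a spot price that has jumped away
    from the multi-block reference, which one transaction cannot move."""
    ref = pool.reference_price()
    return abs(pool.spot_price() - ref) / ref <= max_deviation


def demo():
    pool = ToyPool(1_000_000.0, 1_000_000.0)
    for _ in range(5):              # five quiet blocks at a price of 1.0
        pool.end_block()
    before = price_is_trustworthy(pool)
    pool.swap_a_for_b(4_000_000.0)  # one oversized, loan-funded move
    return before, pool.spot_price(), price_is_trustworthy(pool)


if __name__ == "__main__":
    print(demo())
```

A protocol that prices deposits or withdrawals from `spot_price()` alone accepts the skewed value; one that checks it against the earlier-block reference rejects the operation while the pool is distorted.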
What is the Impact on Users and the Business
Users:
Loss of funds for people who used Zunami Finance; users may also have trust issues with smaller DeFi platforms such as Zunami.
Business:
Losing $2.1 million from the Zunami pools is a big blow. The business also faces reputational damage with current and new investors, has to stop certain services and activities to fix the vulnerabilities, and may face legal challenges from regulators or users.
How to be More Secure in the Future
Becoming more secure in the future…
Two months earlier, Xian Yu, founder of SlowMist, a blockchain security platform, stated their firm identified the attack and vulnerabilities.
“…The key point is that our system detected their risk two months ago, and we informed them privately in advance. Unfortunately, it was an unpleasant communication.
It now appears that perhaps they were avoidable.”
Clearly Zunami Finance didn’t care that much about security, or they would have taken into consideration the messages from SlowMist or done some further research.
Final Thoughts
Our final thoughts on this hack: if Xian Yu at SlowMist really warned Zunami previously, then this is just uncaring behavior from them. They had someone reach out, and they had two months before the breach occurred.
It’s important that these platforms get audited and potentially have big bounty programs to help them stay safe.
Disclaimer: The information shared in this newsletter is for informational purposes only and should not be considered financial advice. It is crucial to conduct independent research and consult with a financial advisor before making any investment decisions.