Zabu Finance has been targeted by hackers in a $3.2 million heist. The DeFi protocol powered by the Avalanche (AVAX) blockchain, announced via Twitter on September 12, 2021, that the bad actors stole the funds by exploiting a vulnerability in its Spore liquidity pool.
Zabu Finance Hacked
Zabu Finance, a decentralized finance and yield farming protocol built upon the Avalanche (AVAX) blockchain, has suffered a serious security breach, gifting the hackers $3.2 million worth of cryptoassets.
Per a tweet by DeFi market data platform, DeFiPrime, the tokens that were stolen by the attacker include USDT (361,267), WETH (402.9), WAVAX (23,157), PNG (21,501), AVE (106,848), and JOE (23,958.93).
Shedding more light on the unfortunate incident, the Zabu Finance team explained that the attacker took advantage of a loophole in the Spore “Transfer Tax” smart contract.
We've been exploited today. What happened?
Everything was from a Pool of $SPORE Token -> https://t.co/D12H7uB5pD
Spore has Transfer Tax so that the attacker used the same mechanism with attacks explained on https://t.co/vXkCKPKBIz and https://t.co/SZiss6IC3R)
— Zabu Finance 🔺 (@zabufinance) September 12, 2021
What’s more, the team says the attacker successfully deployed the cchain.explorer.avax.network/address/0x5c9A contract and stole 4.5 billion ZABU tokens from the Zabu Farm Contract, before proceeding to dump the assets on the Pangolin and Trader Joe liquidity pools of ZABU and withdrew $600k.
Moving On With Zabu V2
At a time when rug pools and exit scams are increasingly becoming a thing in the world of decentralized finance, Zabu has made efforts to prove to its users that the heist was not an inside job
While the team tried to salvage the situation and reduce its users’ losses by asking them to withdraw their staked assets via a tweet on September 11, not all traders were fortunate enough to escape the heist and as such, Zabu says it’s planning to take a snapshot of is platform before the hack to enable it to reward the victims, those who did not lose money, as well as yield farmers that took advantage of the dip to buy back their lost ZABU tokens.
“There are people who lost money and bought back in. So we are looking for a solution that protects people (pre-hack) but also supports people who aped back in post hack. We will snapshot pre-hack users and distribute Zabu V2 tokens and restart V2 Farm with a Zabu V1 staking pool,” declared the team, adding “this will enable people who lost money pre-hack to get the tokens and continue supporting the protocol if they want.”
Decentralized finance hacks have surged significantly in 2021, accounting for a massive 76 percent of all major heists globally. So far, the largest single DeFi attack occurred on August 10, 2021, when Poly Network lost $611 million to hackers.
At press time, ZABU token is hovering around $0.00006464, according to CoinMarketCap.