Back to the list

Avalanche-Based Decentralized Finance Protocol, Zabu (ZABU) Hacked | BTCMANAGER

source-logo  btcmanager.com 13 September 2021 16:40, UTC
Follow by Email

Zabu Finance has been targeted by hackers in a $3.2 million heist. The DeFi protocol powered by the Avalanche (AVAX) blockchain, announced via Twitter on September 12, 2021, that the bad actors stole the funds by exploiting a vulnerability in its Spore liquidity pool.

Zabu Finance Hacked

Zabu Finance, a decentralized finance and yield farming protocol built upon the Avalanche (AVAX) blockchain, has suffered a serious security breach, gifting the hackers $3.2 million worth of cryptoassets.

Per a tweet by DeFi market data platform, DeFiPrime, the tokens that were stolen by the attacker include USDT (361,267), WETH (402.9), WAVAX (23,157), PNG (21,501), AVE (106,848), and JOE (23,958.93).

Shedding more light on the unfortunate incident, the Zabu Finance team explained that the attacker took advantage of a loophole in the Spore “Transfer Tax” smart contract.

We've been exploited today. What happened?

Everything was from a Pool of $SPORE Token -> https://t.co/D12H7uB5pD

Spore has Transfer Tax so that the attacker used the same mechanism with attacks explained on https://t.co/vXkCKPKBIz and https://t.co/SZiss6IC3R)

— Zabu Finance 🔺 (@zabufinance) September 12, 2021

What’s more, the team says the attacker successfully deployed the cchain.explorer.avax.network/address/0x5c9A contract and stole 4.5 billion ZABU tokens from the Zabu Farm Contract, before proceeding to dump the assets on the Pangolin and Trader Joe liquidity pools of ZABU and withdrew $600k.

Moving On With Zabu V2

At a time when rug pools and exit scams are increasingly becoming a thing in the world of decentralized finance, Zabu has made efforts to prove to its users that the heist was not an inside job 

While the team tried to salvage the situation and reduce its users’ losses by asking them to withdraw their staked assets via a tweet on September 11, not all traders were fortunate enough to escape the heist and as such, Zabu says it’s planning to take a snapshot of is platform before the hack to enable it to reward the victims, those who did not lose money, as well as yield farmers that took advantage of the dip to buy back their lost ZABU tokens.

“There are people who lost money and bought back in. So we are looking for a solution that protects people (pre-hack) but also supports people who aped back in post hack. We will snapshot pre-hack users and distribute Zabu V2 tokens and restart V2 Farm with a Zabu V1 staking pool,” declared the team, adding “this will enable people who lost money pre-hack to get the tokens and continue supporting the protocol if they want.”

Decentralized finance hacks have surged significantly in 2021, accounting for a massive 76 percent of all major heists globally. So far, the largest single DeFi attack occurred on August 10, 2021, when Poly Network lost $611 million to hackers.

At press time, ZABU token is hovering around $0.00006464, according to CoinMarketCap.

Related posts:

How FinNexus Is Incentivizing On-chain Options
DEX Aggregator 1inch Network (1INCH) Expands to Polygon (MATIC)
Why Future of Open Finance Will Be More Convenient, Safe, and Secure
mStable DeFi Protocol Goes Live on Polygon (MATIC)