Hacks are still commonplace in the young world of decentralized finance. Now it has hit the Avalanche dApp Zabu Finance.
The Avalanche smart contract platform has been on a run. The integration of Apricot Phase Three (AP3), which introduced a variable fee system based on block usage similar to Ethereum and also ensured further connectivity to the Ethereum Virtual Machine, as well as the launch of the liquidity mining program “Avalanche Rush” have made their unmissable contribution to the AVAX rally. The price of the native cryptocurrency has shot up by a whopping 286 percent in just one month. Just yesterday, the AVAX price hit a fresh record high of $64.51. However, as of press time, the price has fallen about 17 percent in 24 hours. In addition to profit-taking, the hack on Zabu Finance could be a contributing factor to the drop in value.
Avalanche dApp Zabu Finance robbed
The still young dApp Zabu Finance is one of the DeFi projects that are supposed to let investors’ coins work for them via yield farming or staking – passive income, in other words. However, some would rather have the coins of others work for them instead of their own. So it came to pass, as is not uncommon in the DeFi prairie. As the developers announced in a series of tweets, Zabu Finance was the victim of an attack on September 11 that siphoned off tokens for the equivalent of $3.2 million, according to DeFi Prime.
In the process, the unknown attacker took advantage of a vulnerability in the Spore Pool, following the same scheme that has already been used to loot PolyYeld, Cerberus or Garuda. According to the report, the hacker manipulated the “transfer tax” mechanism used by dApps to distribute rewards in order to produce a surplus of tokens. The 4.5 billion ZABU tokens artificially generated as rewards were then sold via the decentralized exchange Pangolin. As a result, the price plummeted. In just one hour, ZABU plummeted by around 100 percent to $0.00001592, making it virtually worthless at press time.
The team then published the attacker’s wallet address and blacklisted the ZABU token holdings. Meanwhile, the developers are making a snapshot, based on which “ZABU v2 tokens will be distributed to those affected.” In addition, “the farm will be relaunched as version 2 with a Zabu version 1 staking pool for those who bought in after the hack.” Whether that will be enough to regain trust remains to be seen. Compared to the billion-dollar <a href=”https://www.btc-echo.com/news/massive-flash-loan-attacks-on-binance-smart-chain-119850/” target=”_blank” rel=”noopener” >flash-loan-attack-wave-on-binance-smart-chain, however, the Zabu attack plays more in the circle class.