Zabu Finance Exploited on Avalanche For $3.2M

Share Article
In Brief
  • Zabu Finance exploited in known smart contact bug

  • Hacker minted 4.5 billion reward tokens

  • ZABU token price collapses to zero

  • promo

    KuCoin Releases KCS whitepaper – a Path for Geek to Mass Adoption Read now!

The Trust Project is an international consortium of news organizations building standards of transparency.

Decentralized finance (DeFi) protocol Zabu has been exploited in what appears to be the first major hack in the Avalanche ecosystem.

On Sept 12, industry outlet DeFiPrime tweeted that Zabu Finance had been exploited for $3.2 million in what could be the first major attack on Avalanche.

The protocol followed up with a tweet of its own confirming the exploit and that the funds were stolen from its SPORE pool;

“Zabu Team Wallet has not sold a single Zabu. We’re under an exploit, possibly from Spore Pool. We’re investigating the exploit. Need help,”

It added that the attacker exploited the “Transfer Tax” mechanism of the protocol to mint tokens causing the price to collapse. The attacker manipulated a vulnerability in the contract used by yield farms to distribute rewards. Security firm PeckShield commented “the same bug happened many times before,”

Snapshot, launch v2, move on

Zabu Finance, which describes itself as a full-stack DeFi station on Avalanche, explained that the attacker interacted with the contract to remove 4.5 billion ZABU tokens to accrue liquidity provider tokens in other farms on the Avalanche Pangolin and Trader Joe DEXes. Those were then sold as the hacker made off with the loot.

Zabu set the rewards to zero so that users could withdraw funds after realizing that the Zabu Farms had been exploited. The team now plans to take a snapshot from before the hack but also seek a solution for those that bought in after the exploit.

It will distribute ZABU v2 tokens to those affected and restart the farm as v2 with a Zabu v1 staking pool for those that aped in after the hack.

“In that way, people who lost money pre-hack will get distributed the tokens, and continue to support the protocol if they want. For the late buyer (post-hack), they can also participate in the Farm V2 by staking what they’ve bought in a Zabu V1 Staking Pool.”

ZABU prices collapse

The removal of so many ZABU tokens caused prices to collapse to zero (or close to it). They were trading at around $0.004 on Sunday and are pretty much worthless today ($0.00002) according to CoinGecko.

 Zabu Finance is the latest in a long list of dubious DeFi protocols that have been exploited in 2021. According to DeFiYield’s REKT database, $1.6 billion has been lost to similar hacks, scams, and rug pulls over the past 5 years.


All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.
Share Article

Martin has been covering the latest developments on cyber security and infotech for two decades. He has previous trading experience and has been actively covering the blockchain and crypto industry since 2017.

Follow Author

KuCoin Releases KCS whitepaper – a Path for Geek to Mass Adoption      

Read now Startup – Leading Blockchain Project Discount Platform for Startups

Read now

Olympus, a P2E NFT Game Similar to Clash Royale, Is Making Headlines

Read Now