Zabu Finance Exploited on Avalanche For $3.2M

Share Article
In Brief
  • Zabu Finance exploited in known smart contact bug

  • Hacker minted 4.5 billion reward tokens

  • ZABU token price collapses to zero

  • promo

    Stake your points and qualify for the 200,000 USDT prize pool. Start staking now!

The Trust Project is an international consortium of news organizations building standards of transparency.

Decentralized finance (DeFi) protocol Zabu has been exploited in what appears to be the first major hack in the Avalanche ecosystem.

Sponsored



Sponsored

On Sept 12, industry outlet DeFiPrime tweeted that Zabu Finance had been exploited for $3.2 million in what could be the first major attack on Avalanche.

The protocol followed up with a tweet of its own confirming the exploit and that the funds were stolen from its SPORE pool;

Sponsored



Sponsored

“Zabu Team Wallet has not sold a single Zabu. We’re under an exploit, possibly from Spore Pool. We’re investigating the exploit. Need help,”

It added that the attacker exploited the “Transfer Tax” mechanism of the protocol to mint tokens causing the price to collapse. The attacker manipulated a vulnerability in the contract used by yield farms to distribute rewards. Security firm PeckShield commented “the same bug happened many times before,”

Snapshot, launch v2, move on

Zabu Finance, which describes itself as a full-stack DeFi station on Avalanche, explained that the attacker interacted with the contract to remove 4.5 billion ZABU tokens to accrue liquidity provider tokens in other farms on the Avalanche Pangolin and Trader Joe DEXes. Those were then sold as the hacker made off with the loot.

Zabu set the rewards to zero so that users could withdraw funds after realizing that the Zabu Farms had been exploited. The team now plans to take a snapshot from before the hack but also seek a solution for those that bought in after the exploit.

It will distribute ZABU v2 tokens to those affected and restart the farm as v2 with a Zabu v1 staking pool for those that aped in after the hack.

“In that way, people who lost money pre-hack will get distributed the tokens, and continue to support the protocol if they want. For the late buyer (post-hack), they can also participate in the Farm V2 by staking what they’ve bought in a Zabu V1 Staking Pool.”

ZABU prices collapse

The removal of so many ZABU tokens caused prices to collapse to zero (or close to it). They were trading at around $0.004 on Sunday and are pretty much worthless today ($0.00002) according to CoinGecko.

 Zabu Finance is the latest in a long list of dubious DeFi protocols that have been exploited in 2021. According to DeFiYield’s REKT database, $1.6 billion has been lost to similar hacks, scams, and rug pulls over the past 5 years.

Disclaimer

All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.
Sponsored
Share Article

Martin has been covering the latest developments on cyber security and infotech for two decades. He has previous trading experience and has been actively covering the blockchain and crypto industry since 2017.

Follow Author

Limited offer! Learn to mine and trade crypto today for free

Join

Earn up to $10,000 USD every week in CoinFLEX AMM+ Arena!

Earn Now

Be our Supreme Scorer and qualify for a grand prize pool of 200,000 USDT!

Join