According to reports, Zabu Finance, a DeFi application on the Avalanche blockchain, has been used in encrypted tokens worth US$3.2 million. The removal of a large number of tokens eventually reduced the value of Zabu tokens to zero.
Zabu Finance Announce Take advantage of Avalanche and popular Avalanche-hosted decentralized exchanges (such as Pangolin and Trader Joe) for help:
“Zabu Team Wallet did not sell a Zabu. We are under attack, possibly from the spore pool. We are investigating exploits. Need help with pangolins, businessman Joe, and Avalanche.”
According to further investigation, Zabu discovered that the attacker had stolen assets from the Spore token pool. Blockchain browser, Including 402.9 WETH, 23,157 WAVAX, 21,501 PNG, 106,848 AVE, 361,267 USDT And 23,958.93 JOE, totaling 3.2 million US dollars when used.
Zabu confirmed that the attacker was able to interact with the blockchain contract and “successfully withdrew 4.5 billion Zabu tokens from Zabu Farm Contract, all dumped to Zabu’s pangolin LP and Trader Joe LP, and stole approximately $600,000.” Soon after the vulnerability was exploited, Zabu and Yield Yak, a DeFi tool hosted by Avalanche, advised investors to withdraw their assets, otherwise they might lose their assets to the attacker.
As part of remedy, Zabu intends to return tokens to investors based on their balance before and after the hack:
“The snapshot process may take time because we need to calculate the balances of Zabu holders, Farm Stakers (for Zabu related mining pools) and AutoFarm Stakers (for Zabu related mining pools). We may need the help of Markr, DeBank and Avalanche. “
Zabu also burned the remaining 93.12 million Zabu tokens worth $360,000.
Avalanche and Zabu have not yet responded to Cointelegraph’s request for comment.
On August 30, xToken, another DeFi project, reported a cyber attack that caused nearly US$4.5 million in losses.According to Cointelegraph’s report, the hacker passed The complex process of token exchange This involves obtaining a fast loan of 25,000 ETH (approximately US$81 million) from the dYdX decentralized exchange to carry out the attack.
After that, xToken cancelled the plug of xSNX products on the grounds of “significant surface area of the vulnerability”.