Zabu, a DeFi app under Avalanche confirmed that the attacker was successful in withdrawing 4.5 billion tokens from the Zabu Farm Contract and stealing around $600,000 in total.
It has been revealed that Zabu Finance, a DeFi application running on the Avalanche blockchain, has been attacked in order to obtain crypto tokens worth $3.2 million. With the withdrawal of a large number of tokens, finally the value of Zabu tokens was lowered to zero.
Avalanche and major Avalanche-hosted decentralised exchanges such as Pangolin and Trader Joe were contacted about the exploit by Zabu Finance, who requested assistance.
“Zabu Team Wallet has not sold a single Zabu. We’re under an exploit, possibly from Spore Pool. We’re investigating the exploit. Need help Pangolin, Trader Joe, Avalanche.”
Following a thorough investigation, Zabu discovered that the attacker had stolen assets from a pool of Spore tokens.
According to the blockchain explorer, included 402.9 WETH, 23,157 WAVAX, 21,501 PNG, 106,848 AVE, 361,267 USDT, and 23,958.93 JOE, all of which were worth a total of $3.2 million at the time of the exploit, according to the blockchain explorer.
Zabu acknowledged that the attacker was able to engage with the blockchain contracts and “successfully pulled out 4.5 billion Zabu tokens from the Zabu Farm Contract, dumped them all to Pangolin LPs and Trader Joe LPs of Zabu, and stole approximately $600,000.”
Investors were encouraged to withdraw their holdings as soon as the vulnerability was discovered by Zabu and Yield Yak, a DeFi tool hosted by Avalanche that warned of the danger of losing their money to the attacker.
According to Zabu, as part of the remediation process, tokens will be returned to investors based on their balances before and after the hack:
“The process of Snapshot might take time as we need to calculate balances of Zabu Holders, Farm Stakers (for Zabu-related Pools) and AutoFarm Stakers (for Zabu-related Pools). We might need help Markr, DeBank and Avalanche.”
Zabu has also burned the remaining 93.12 million Zabu tokens, which were worth a total of $360,000 at the time of burning.Avalanche and Zabu had not responded to Cointelegraph’s request for comment at the time of publication.
On August 30, yet another DeFi project, xToken, disclosed a cyberattack, which resulted in a loss of roughly $4.5 million in cryptocurrency.
As published by Cointelegraph, the hacker went through an intricate procedure of token exchanges, which included obtaining a flash loan from the dYdX decentralised exchange for 25,000 ETH (approximately $81 million) in order to carry out his attack.
Following the incident, xToken decided to discontinue the xSNX product due to “significant surface area for vulnerabilities.”