Hacks are still the order of the day in the young world of decentralized finance. Now it has hit the Avalanche dApp Zabu Finance.
The smart contract platform Avalanche has had a run. The integration of Apricot Phase Three (AP3), which, similar to Ethereum, introduced a variable fee system based on block utilization and also ensured the further connection to the Ethereum Virtual Machine, as well as the start of the liquidity mining program “Avalanche Rush” have their obvious Contribution to the AVAX rally. The price of the native cryptocurrency shot up by a proud 286 percent in just one month. Only yesterday the AVAX price reached a fresh record high of 64.51 US dollars. At the time of going to press, however, the price has fallen by around 17 percent within 24 hours. In addition to profit-taking, the hack on Zabu Finance could also be a trigger for the loss in value.
Avalanche dApp Zabu Finance robbed
The still young dApp Zabu Finance is one of the DeFi projects that are supposed to make the coins of investors work for them via yield farming or staking – passive income in other words. However, some prefer to let other people’s coins work for them instead of their own. This is how it happened, as is not uncommon on the DeFi prairie. Like the developers in a Tweet series announced, Zabu Finance was the victim of an attack on September 11, in which loud DeFi Prime Tokens for the equivalent of 3.2 million US dollars were withdrawn.
The unknown attacker took advantage of a security hole in the spore pool and proceeded according to the scheme with which PolyYeld, Cerberus or Garuda were already looted. Accordingly, the hacker manipulated the “Transfer Tax” mechanism, which is used by dApps to distribute rewards in order to produce an excess of tokens. The 4.5 billion ZABU tokens artificially generated as rewards were then sold on the decentralized Pangolin exchange. As a result, the course fell into the abyss. In just one hour, ZABU plunged around 100 percent to 0.00001592 US dollars, making it virtually worthless at the time of going to press.
The team then published the attacker’s wallet address and blacklisted the ZABU token stocks. In the meantime, the developers are taking a snapshot, based on which “ZABU v2 tokens are distributed to those affected”. In addition, “the farm will be restarted as version 2 with a Zabu version 1 staking pool for those who bought in after the hack”. It remains to be seen whether that will be enough to regain trust. Compared to the billion-dollar flash loan attack wave on the Binance Smart Chain, however, the Zabu attack plays more in the district class.