ZABU Token Tanks 99% After $3.2 Million DeFi Hack

Zabu Finance, a DeFi project running on the Avalanche blockchain, has been exploited for around US$3.2 million worth of its native token, Zabu – plunging its price within minutes to zero.

First DeFi Hack on the Avalanche Blockchain

In what was the first exploit on the Avalanche blockchain, the attacker drained the funds from the SPORE pool, exploiting the “Transfer Tax” mechanism to mint tokens and subsequently plunging its value to zero. The SPORE pool contained 402,9 Wrapped Ether (WETH), 23,157 Wrapped AVAX (WAVAX), 21,501 Pangolen (PNG), 106,848 Avaware (AVE), 361,267 Tether (USDT), and 23,958 JOE.

The attacker found a bug in the contract used by yield farms to distribute rewards. According to security firm PeckShield, the bug has “happened many times before”.

Yet the Zabu Finance team tried to calm down its community, outlining it wasn’t behind the attack and burned all team tokens. The protocol burned the remaining 93.21 million Zabu tokens – around US$360,000 worth.

Another Day, Another DeFi Hack

Zabu Finance is the latest protocol to be hacked, adding to a list of hacked projects this year. A similar case involving Popsicle Finance occurred on August 7 when an attacker manage to drain 85 percent of the deposit pools by taking advantage of a bug found on the smart contracts.

Just a few days later, an unknown attacker managed to drain US$600 million from cross-chain protocol Poly Network. While not a DeFi hack per se, as the attacker turned out to be a white hat hacker (an ethical hacker), it was by far the biggest amount stolen in DeFi history.