Zunami Protocol

2023-01-26

Zunami Protocol's fund transfer is sandwich-attacked in the mempool; approximately $49,000 is lost.

2023-02

A series of 13 flash loan transactions exploit price gaps between Zunami liquidity pools; combined losses from January and February 2023 incidents totals approximately $260,000 per Zunami's own disclosure.

2023-06

SlowMist privately notifies Zunami Protocol of the price manipulation vulnerability that would later be exploited; team response is described as 'unpleasant' and no fix is applied.

2023-08-13

Zunami Protocol is exploited via a flash loan price manipulation attack targeting the MIMCurveStakeDao strategy; approximately $2.1 million (1,184 ETH) is drained from zETH and UZD pools on Curve Finance. UZD falls over 99% and zETH falls over 88%.

2023-08-14

Zunami confirms the exploit on social media; stolen funds are laundered via Tornado Cash. PeckShield, CertiK, Halborn, and Ackee Blockchain publish post-mortem analyses.

2023-09

Zunami Protocol completes an angel funding round and announces development of a V2 update.

2025-05-14

An admin key compromise results in the theft of approximately $500,000 in zunUSD and zunETH collateral. An admin role is granted 7 minutes before 296,456 LP tokens are transferred to an attacker wallet. Funds are laundered via Tornado Cash.

2025-05

Zunami team CEO and CTO make public statements; CTO alleges Russian police involvement and possible laptop cloning. Team subsequently goes silent for approximately three weeks. GitHub shows no commits for at least three months prior.