Zunami Protocol Stablecoin Swap MEV Sandwich Attack

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Jump to navigation Jump to search

Notice: This page is a freshly imported case study from an original repository. While the original content had a similar format, some sections may not have been fully completed. Please help fill in any empty sections or any missing information you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!

Zunami Protocol Logo/Homepage

[1][2][3][4][5][6][7]

About Zunami Protocol

Zunami Protocol is a decentralized finance (DeFi) platform designed to optimize yield generation through aggregated stablecoins and omnipools. At its core, Zunami issues aggregated stablecoins like zunUSD and zunETH, which are backed by diversified assets in yield-generating strategies across various DeFi protocols. These assets are held in omnipools, which combine liquidity and flexibility, enabling efficient, decentralized, and profitable collateral management.

The omnipools are structured to maximize returns—offering users an average APY of around 20%—by distributing capital across multiple DeFi platforms such as Curve Finance, Convex Finance, Stake DAO, FRAX Finance, and C.R.E.A.M. Finance. The collateral within these pools is managed through DAO voting, ensuring that strategy adjustments are community-driven. Zunami’s Algorithmic Peg Stabilizer (APS) further ensures that stablecoin prices remain steady, automatically rebalancing portfolios and compounding yields.

The ZUN token powers governance and liquidity functions within the ecosystem. Holders can vote on protocol decisions, manage liquidity-as-a-service (LaaS), influence token emissions, and earn rewards through staking. Notably, ZUN stakers act as an additional collateral layer, reinforcing stability and receiving 100% of the protocol’s revenue in return.

Security-wise, Zunami has emphasized decentralization with no proxy contracts, DAO-based risk management, and independent audits. Its open documentation and Gitbook provide full technical transparency. In sum, Zunami Protocol is an innovative approach to stablecoin yield farming—combining aggregation, decentralization, and automated strategy execution.

The Reality

This sections is included if a case involved deception or information that was unknown at the time. Examples include:

  • When the service was actually started (if different than the "official story").
  • Who actually ran a service and their own personal history.
  • How the service was structured behind the scenes. (For example, there was no "trading bot".)
  • Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

The Zunami Protocol team was exploited via a sandwich-style MEV strategy during a large DAI-to-USDC swap, manipulating token prices via front- and back-running to cause a $49,658 loss from slippage.

Key Event Timeline - Zunami Protocol Stablecoin Swap MEV Sandwich Attack
Date Event Description
January 26th, 2023 7:14:23 AM MST Stablecoin Swap Sandwich Attack The Zunami Protocol team swaps 66,888 DAI and receives only 17,230 USDC due to a sandwich attack against their transaction in the mempool. This is reportedly "while transferring funds to the new XAI + FRAXBP pool".
January 29th, 2023 4:14:00 PM MST Silo Finance Sees Deposit Already Silo Finance reports on the sandwich attack transaction as "a 130k XAI-FRAXBP deposit" in a tweet shortly after an announcement of a partnership between the two projects.
February 5th, 2023 7:31:21 AM MST Zunami Protocol Attacked Twice An article is published on Medium which highlights two attacks against the Zunami Protocol.
June 13th, 2025 10:04:00 AM MDT Second Rekt Article Published Rekt News publishes a second article about Zunami Protocol which includes this exploit, after $500k goes missing from the protocol. The chief technology officer Mikhail Zelenin is a primary suspect, however he has a story about border security guards potentially holding his laptop for hours of analysis.

Technical Details

The attack on Zunami Protocol involved a sandwich-style MEV exploit during the swap of 66,888 DAI to USDC on a decentralized exchange. The attacker observed the transaction in the mempool and strategically placed two trades — one before (front-running) and one after (back-running) — to manipulate the exchange rate in their favor. By temporarily distorting the token price, the attacker ensured Zunami’s transaction executed at an unfavorable rate, then reversed the price change to capture the profit.

As a result, Zunami received only 17,230 USDC instead of a fair market value, incurring a loss of approximately $49,658 due to the slippage. This indicates the attacker effectively exploited either low liquidity or poor pricing resilience in the DAI/USDC trading pair, most likely through SushiSwap or a similar AMM. The attack highlights how vulnerable large, unprotected swaps are to MEV strategies when executed publicly and without slippage limits.

The impact didn’t end with the stolen funds. The distorted swap rate temporarily devalued Zunami’s ZLP tokens in the newly launched XAI + FRAXBP pool, reducing their price to $0.8213, while the ZLP price in the MIM pool remained at $1.1252. This price discrepancy introduced an arbitrage vector that could later be exploited.

Total Amount Lost

According to Zunami Protocol, "In total, the attackers managed to steal approximately $49,658." Rekt News later rounded this down to $49k in their reporting.

The total amount lost has been estimated at $50,000 USD.

Immediate Reactions

This situation was initially not publicly noted by the Zunami Protocol team.

Ultimate Outcome

The Zunami Protocol team would later report this situation as follows:

"On January 26, while transferring funds to the new XAI + FRAXBP pool, we were subjected to a MEV attack. During the exchange of 66,888 DAI, we received only 17,230 USDC due to a sandwich attack on a transaction in the mempool. In total, the attackers managed to steal approximately $49,658."

This resulted in a situation where the price of ZLP in the XAI liquidity pool decreased to $0.8213, while the price of ZLP in the MIM liquidity pool remained at $1.1252.

Total Amount Recovered

The team reported to be preparing a compensation plan for the attack in a Medium article which they published entitled "The Zunami Protocol has come under two attacks" on February 5th, 2023.

There do not appear to have been any funds recovered in this case.

Ongoing Developments

Specific details of the sandwich attack are not known.

Zunami Protocol continues to operate, and would suffer future exploits.

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. Rekt - Zunami Protocol - Rekt II (Accessed Jun 13, 2025)
  2. The Zunami Protocol has come under two attacks - Zunami Protocol Medium (Accessed Jun 13, 2025)
  3. Sandwich Attack Transaction - EtherScan (Accessed Jun 13, 2025)
  4. Silo Finance - "Oh? What's that? Could it be a 130k XAI-FRAXBP deposit already?" - Twitter/X (Accessed Jun 13, 2025)
  5. Compensation Plan - Zunami Protocol Medium (Accessed Jun 13, 2025)
  6. Rekt HQ - "$500k vanished from @ZunamiProtocol in a May admin key exploit. Months of stagnant development & perfect timing may have paved the way. Team offered weak excuses, dismissed concerns, left users empty-handed. When emergency keys open doors, who's in control? Story in comments." - Twitter/X (Accessed Jun 13, 2025)
  7. Zunami Protocol Homepage (Accessed Jun 11, 2025)
Retrieved from "https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=Zunami_Protocol_Stablecoin_Swap_MEV_Sandwich_Attack&oldid=6776"