Zunami Protocol Second Incident
Zunami Protocol lost ~$500K in a second incident, 2 years after its 2023 Curve-pool exploit, again from manipulable price derivation in its stablecoin strategy.
- Date
- Victim
- Zunami Protocol
- Chain(s)
- Status
- Funds Stolen
In May 2025, Zunami Protocol suffered a second exploit (~$500K), roughly two years after its August 2023 $2.1M Curve-pool manipulation. The 2025 incident again involved manipulable price-derivation in the protocol's stablecoin strategy accounting.
What happened
A flash-loan-funded manipulation of pool-derived pricing again let an attacker extract value from Zunami's strategy accounting — the same systemic weakness class as the 2023 incident, through a different specific path.
Aftermath
- Paused; limited recovery; protocol standing further eroded.
Why it matters
Zunami joins the catalogue's multi-incident protocols (DEUS ×3, Cream ×3, Platypus, Abracadabra ×3). The verdict is consistent: a protocol exploited via manipulable pricing in 2023, exploited again via manipulable pricing in 2025, demonstrates the post-incident remediation addressed the bug, not the systemic deficit. Two incidents, same root family, two years apart, is the pattern — not the coincidence.
Sources & on-chain evidence
- [01]halborn.comhttps://www.halborn.com/blog/post/explained-the-zunami-protocol-incident-may-2025
- [02]rekt.newshttps://rekt.news/zunami-protocol-rekt-2