Binance Smart Chain’s Pancake Bunny drained of $200M after flash loan exploit
A Chainalysis report a few months ago had claimed that emerging trends are only likely to “make DeFi more attractive to criminals.” In light of the latest incident to make waves in the crypto-space, it’s not difficult to disagree with such an assertion.
Binance Smart Chain DeFi protocol Pancake Bunny is the latest project to bear the burden of such an incident via a flash loan attack. The protocol’s flagship crypto, ranked 814th on CoinMarketCap, was trading at $29.07 at the time of writing, having registered a price correction of 81.46% in less that 24 hours.
The Attack
The team behind Pancake Bunny was quick to release a statement on the same on Twitter, with the project alerting its users.
Attention Bunny Fam
Our project has suffered a flash loan attack from an outside exploiter.
We will be posting a post mortem, in depth analysis, but for the time being we would like to update the community as to how this happened.
— pancakebunny.finance (@PancakeBunnyFin) May 20, 2021
Reports seemed to suggest that attackers stole around $200 million after manipulating BUNNY’s price. In doing so, the perpetrators drained the BUNNY/BNB pool, making off with 700,000 BUNNY tokens and 114,000 BNB. After the first reports broke out, there were rumors that the hackers made off with $1 billion worth of tokens, a development that would mean the vaults being compromised. However, that wasn’t the case, with the team soon reiterating.
“We would like to remind the community that no vaults have been compromised. The exploit was an economic exploit that attacked the price of BUNNY, using flash loans. We repeat, no vaults have been breached.”
Price Manipulation
As highlighted by a series of tweets from the Pancake Bunny team, the following was the chronology of events,
4⃣ The hacker then dumped all the bunny in the market, causing the bunny price to plummet
5⃣The hacker paid back the bnb through pancakeswaphttps://t.co/ph9OoLQQADhttps://t.co/IWYfBHuijb
— pancakebunny.finance (@PancakeBunnyFin) May 20, 2021
Now, even though the project’s engineering department was unable to provide a full post-mortem report at the press time, a detailed list of the events was available on BSCScan. Additionally, Igor Igamberdiev was able to provide an in-depth analysis of the same.
Response
Even so, at the time of writing, Pancake Bunny did claim that they had determined the nature of the exploit and how it happened. Additionally, the project also revealed that it is working on a reimbursement plan. The team finally stated,
“Withdrawals and deposits will be frozen temporarily until we increase security.”
Repercussions
BUNNY wasn’t the only token to face the wrath of the said token, however. Corrections could be seen on the charts of BNB as well, with the alt having already been under significant bearish pressure thanks to BTC and ETH’s depreciation on the charts.
Binance Smart Chain (BSC) and DeFi protocols have been a prime target for a number of hacks and other illicit activities in the past, with the websites of Cream Finance and PancakeSwap being notable targets a few months ago.