Binance Smart Chain-based Pancake Bunny is the latest DeFi project to suffer an exploit
Earlier today, PancakeBunny fell victim to a flash loan exploit after being targeted by an attacker who made away with around $200 million in crypto. The team behind the project shared the news on Twitter, saying an investigation would be conducted.
“Attention Bunny Fam. Our project has suffered a flash loan attack from an outside exploiter. We will be posting a post mortem, in depth analysis, but for the time being we would like to update the community as to how this happened.”
The team outlined how the hacker used borrowed funds to execute the attack in a subsequent series of Twitter posts. The anonymously developed yield farming aggregator reported that while the attacker did not breach their systems, he carried out an economic exploit that led to the loss of assets.
The exploiter took out a huge loan in Binance Coin ($BNB) using PancakeSwap before destabilising the BUNNY/BNB and USDT/BNB rates.
How the exploitation was achieved is yet to be clarified.
Following the market price exploitation, the attacker had a huge sum of BUNNY, all through the initial flash loan. The BUNNY price had risen significantly, and at that point, the perpetrator dumped the entire BUNNY bounty accrued.
The dumping of BUNNY assets caused a crash — an opportunity the attacker used to repay the initial $BNB flash loan. The attacker’s action to drain the BUNNY/BNB pool gifted him an aggregate 114,000 $BNB and 697,000 BUNNY, translating to about $200 million. The PancakeBunny team was insistent that not a single “vault” was compromised or breached.
The hacker signed off with a mocking dig that read, “ArentFlashloansEaritating.” PancakeBunny has already taken action to try and contain the effects of the exploit. Deposits and withdrawals were temporarily halted to allow for the heightening of security measures. The Binance Smart Chain-native further said that it was working on a reimbursement plan for the lost assets.
The attack couldn’t have come at a worse time for PancakeBunny’s investors, with crypto markets suffering huge slumps. The vulnerability will not inspire confidence in their users, and it may take time to regain stability. Just last month, Messari flagged flash loans as one of the biggest channels of crypto exploits. The data aggregator attributed an approximated half of exploit losses to flash loans. As one of the biggest players of the crypto markets, PancakeBunny’s encounter only shows that this threat is rising by the day.