Decentralized Finance (DeFi) protocol PancakeBunny now belongs to an exclusive but fast-growing club with two simple membership requirements – be on Binance Smart Chain and be exploited and drained of millions of funds.
On May 20, the PancakeBunny team posted on Twitter that the protocol was subjected to a vicious exploit, with the hacker making off with more than $200 million worth of crypto assets. On a series of threads, the team explained the incident was caused by a flash loan attack from an external entity.
The malicious attacker borrowed a substantial amount of Binance Coin (BNB), manipulated its price before dumping it on the platform’s BUNNY/BNB market.
A window of opportunity
The still-to-be-identified hacker took advantage of a brief window of time when the price of BUNNY swiftly surged from $150 to $240 before plummeting all the way to $0 in just over 30 minutes.
Luckily, the BUNNY/BNB pool was the only one drained by the culprit who managed to take 697,000 BUNNY and 114,000 BNB and with Binance Coin trading at just less than $300 at press time, it is believed the hacker quickly became $200 million richer. All funds that were borrowed to facilitate the cyber attack were returned thru Pancakeswap.
To add insult to injury, the attacker left a rabbit-themed (with pun intended) note to the transactions that drained the pool containing the message: “ArentFlashloansEaritating.”
Rolling back the incident
With PancakeBunny being one of the leading projects of Binance Smart Chain with more than $1 billion total value locked before the hack, some spectators are wondering if Binance will make a play to reverse the incident.
Back in May 2019, Binance suffered a major cyber attack and lost $40 million. Chief Executive Officer Changpeng Zhao hinted the losses can be reversed by making miners roll-back transactions facilitated by the Bitcoin blockchain.
Image courtesy of Cointelegraph News/YouTube