Has Pancake Bunny fallen victim to a $1 billion hack?
Yesterday night, the majority of Europeans were sleeping and dreaming of what they would cook up for breakfast this morning. Little did they know that a hacker was having a midnight snack on Pancake Bunny, one of the top projects on the Binance Smart Chain (BSC).
Another DeFi flash loan exploit?
‘DeFi’ and ‘exploit’ are two words that quite often end up going with ‘flash loan’. After the recent flash loan exploit of bEarn, a cross-chain auto yield farming protocol, and the recent hacks of Value.defi, the BSC community thought that this difficult period of exploits was behind it. Alas, no.
While the broader crypto market was dumping, a smart little hacker managed to bag himself a nice jackpot, estimated by some to be worth $1 billion (£710 million)! To simplify the hack, the user took out a flash loan on PancakeSwap to borrow a large amount of Binance Coin (BNB). “But wait,” I hear you cry, “PancakeSwap doesn’t offer flash loans, what are you talking about?!” Well, let me tell you! Although PancakeSwap doesn’t draw much attention to this, flash loans are native to Uniswap V2. PancakeSwap is one of Uniswap’s many forks, meaning it has the same functions, even if they are hidden from regular users.
The attacker then manipulated the prices of the USDT/BNB and BUNNY/BNB pairs. In doing so, they somehow crashed the site, giving them rewards in BUNNY to the tune of an additional 6.97 million BUNNY.
Naturally, the hacker then started selling these, tanking the price of the token from $229 to $1, a solid drop of 99%.
Pancake Bunny is one of the protocols with the biggest total value locked (TVL) on the BSC: we’re talking about a cool $3.5 billion (~£2.5 billion)! With $2 billion of this lost previously for various reasons, the new hack triggered panic in the BSC ecosystem, causing other assets such as CAKE to fall by 40%…
The end of the story?
The Pancake Bunny team spoke out, stating that a repayment plan was underway and that the flaws that allowed this exploit were being patched. Moreover, contrary to what some argue, no vaults seem to have been hacked.
The exact amount of the hack remains to be seen, although by the latest concrete estimates, we are talking about an amount in excess of $30 million, or ~£21.2 million. We’ll know more very shortly, but in the meantime, never forget that while DeFi offers mind-blowing returns, it also carries mind-blowing risks. NEVER invest more than you can afford to lose.
Hi, Привет & Salut! I’m interested in two things: crypto and languages. So I’m really excited to be part of the multinational CoinTribune team, where I can share my crypto knowledge with people from around the world, one article at a time.