Has Pancake Bunny fallen victim to a $1 billion hack?

Thu 20 May 2021 ▪ 13h38 ▪ 3 min read — by William Proctor

Yesterday night, the majority of Europeans were sleeping and dreaming of what they would cook up for breakfast this morning. Little did they know that a hacker was having a midnight snack on Pancake Bunny, one of the top projects on the Binance Smart Chain (BSC).

Another DeFi flash loan exploit?

‘DeFi’ and ‘exploit’ are two words that quite often end up going with ‘flash loan’. After the recent flash loan exploit of bEarn, a cross-chain auto yield farming protocol, and the recent hacks of Value.defi, the BSC community thought that this difficult period of exploits was behind it. Alas, no.

While the broader crypto market was dumping, a smart little hacker managed to bag himself a nice jackpot, estimated by some to be worth $1 billion (£710 million)! To simplify the hack, the user took out a flash loan on PancakeSwap to borrow a large amount of Binance Coin (BNB). “But wait,” I hear you cry, “PancakeSwap doesn’t offer flash loans, what are you talking about?!” Well, let me tell you! Although PancakeSwap doesn’t draw much attention to this, flash loans are native to Uniswap V2. PancakeSwap is one of Uniswap’s many forks, meaning it has the same functions, even if they are hidden from regular users.

The attacker then manipulated the prices of the USDT/BNB and BUNNY/BNB pairs. In doing so, they somehow crashed the site, giving them rewards in BUNNY to the tune of an additional 6.97 million BUNNY.

Naturally, the hacker then started selling these, tanking the price of the token from $229 to $1, a solid drop of 99%.

Pancake Bunny is one of the protocols with the biggest total value locked (TVL) on the BSC: we’re talking about a cool $3.5 billion (~£2.5 billion)! With $2 billion of this lost previously for various reasons, the new hack triggered panic in the BSC ecosystem, causing other assets such as CAKE to fall by 40%…

The end of the story?

The Pancake Bunny team spoke out, stating that a repayment plan was underway and that the flaws that allowed this exploit were being patched. Moreover, contrary to what some argue, no vaults seem to have been hacked.

The exact amount of the hack remains to be seen, although by the latest concrete estimates, we are talking about an amount in excess of $30 million, or ~£21.2 million. We’ll know more very shortly, but in the meantime, never forget that while DeFi offers mind-blowing returns, it also carries mind-blowing risks. NEVER invest more than you can afford to lose.

Recevez un condensé de l’actualité dans le monde des cryptomonnaies en vous abonnant à notre nouveau service de newsletter quotidienne et hebdomadaire pour ne rien manquer de l’essentiel Cointribune !

William Proctor avatar
William Proctor

Hi! Привет! Salut ! Je m’intéresse à deux choses : la crypto et les langues. Je suis donc heureux de faire partie de l’équipe multinationale du CoinTribune, où je peux partager mes connaissances de la crypto avec des gens des quatre coins du monde – l’un article après l’autre.


The views, thoughts, and opinions expressed in this article belong solely to the author, and should not be taken as investment advice. Do your own research before taking any investment decisions.

Ne manquez aucune actu et abonnez-vous à Cointribune sur Google Actualités !