An attacker has made away with a whopping $200 million from PancakeBunny after exploiting the Binance Smart Chain (BSC) exchange.
The PancakeBunny team confirmed the incident in a tweet on May 20, explaining that there was no smart contract hack or vault breach. Instead, what the attacker did was more of an “economic exploit.”
Attention Bunny Fam— pancakebunny.finance (@PancakeBunnyFin) May 20, 2021
We would like to remind the community that no vaults have been compromised.
The exploit was an economic exploit that attacked the price of BUNNY, using flash loans. We repeat, no vaults have been breached. pic.twitter.com/GDxPJkIjRG
Reports have it that the hacker stole an estimated 700,000 BUNNY tokens and an additional 114,000 BNB.
According to the team’s “post-hack” report, the attacker allegedly initiated the exploit from PancakeSwap, another BSC-based decentralized exchange and yield farming platform. The attacker took a large flash loan in Binance Coin on PancakeSwap. Afterward, the funds were used to manipulate the prices in USDT/BNB and BUNNY.BNB trading pairs. The end goal was to buy “a huge amount” of BUNNY tokens, which were then dumped on the market.
Interestingly, after successfully dumping his BUNNY tokens, the attacker paid back his flash loans.
Due to the price manipulations, the price of BUNNY quickly jumped from $150 to $240 and then nearly zero within 30 minutes. As of press time, the token had bounced back slightly, trading around $44. However, it is still down by about 70% on the day, according to data on CoinMarketCap.
Two days ago, FinNexus, another DeFi platform, was hacked and drained of $7.6 million.