Press "Enter" to skip to content

Hacker steals $200 million from PancakeBunny in a flash loan exploit

An attacker has made away with a whopping $200 million from PancakeBunny after exploiting the Binance Smart Chain (BSC) exchange.

The PancakeBunny team confirmed the incident in a tweet on May 20, explaining that there was no smart contract hack or vault breach. Instead, what the attacker did was more of an “economic exploit.”

Reports have it that the hacker stole an estimated 700,000 BUNNY tokens and an additional 114,000 BNB.

According to the team’s “post-hack” report, the attacker allegedly initiated the exploit from PancakeSwap, another BSC-based decentralized exchange and yield farming platform. The attacker took a large flash loan in Binance Coin on PancakeSwap. Afterward, the funds were used to manipulate the prices in USDT/BNB and BUNNY.BNB trading pairs. The end goal was to buy “a huge amount” of BUNNY tokens, which were then dumped on the market.

Interestingly, after successfully dumping his BUNNY tokens, the attacker paid back his flash loans.

Due to the price manipulations, the price of BUNNY quickly jumped from $150 to $240 and then nearly zero within 30 minutes. As of press time, the token had bounced back slightly, trading around $44. However, it is still down by about 70% on the day, according to data on CoinMarketCap.

Two days ago, FinNexus, another DeFi platform, was hacked and drained of $7.6 million.