- PancakeBunny has fallen victim to a flash loan attack, resulting in the loss of more than $200 million.
- The exploit caused the BUNNY price to crash.
- So far in 2021, DeFi has witnessed way more hacks and exploitations than the entirety of 2020.
PancakeBunny, one of the largest DeFi yield aggregators built on Binance Smart Chain, has fallen victim to a flash loan attack from an outside exploiter. While the community along with some crypto media initially claimed that the hacker has made off with a record-breaking $1 billion worth of crypto assets, new sources calculate the losses to be around $200 million.
The PancakeBunny team used Twitter to update the community on the details of the exploitation. According to a series of threads, the hacker used PancakeSwap to borrow a huge amount of BNB then manipulated the asset’s price and dumped it on the platform’s BUNNY/BNB market.
1⃣ The hacker used PancakeSwap to borrow a huge amount of BNB
2⃣ The hacker then went on to manipuate the price of USDT/BNB as well as BUNNY/BNB
3⃣ The hacker ended up getting a huge amount of BUNNY through this flash loan
— pancakebunny.finance (@PancakeBunnyFin) May 20, 2021
The team reiterated that there was no smart contract hack and none of the vaults have been compromised, instead, it was more of an economic exploit:
We would like to remind the community that no vaults have been compromised. The exploit was an economic exploit that attacked the price of BUNNY, using flash loans. We repeat, no vaults have been breached.
Bunny Price Crashes
Before the attack, BUNNY was trading at around $150. The token witnessed a quick pump to $240 followed by a crash to $0 over just 30 minutes, as the exploitation took place, according to data by PooCoin.app.
The coin, for the first two hours, consolidated below $10. But it didn’t take much time until the coin took momentum and reached as high as $42. As of now, BUNNY is trading at around $38.
DeFi Grows, Likewise its Exploits and Hacks
DeFi is currently believed to be in the experimental phase, though it has grown to be extremely big. In terms of users, the ecosystem has drawn more than 2 million users. And in terms of total value locked, there is over $130 billion locked up in DeFi up to this point, $71 billion of which accounts for TVL on Ethereum. Yet, the system has not been much successful in preventing security flaws.
In 2020, $154 million was lost due to 17 major hacks in the DeFi space, two of which were the result of the founding team exit scamming, and other instances were exploits.
This year has been no different. Alpha Homora and Cream Finance fell victim to exploits, losing $37.5 million. Just a couple of weeks ago, Spartan Protocol was exploited and lost more than $30 million. And today’s incident, which accounts for 1.3x of 2020s total hacks of DeFi, shows that DeFi, while impressive, is not hackproof by any stretch of the imagination.