BSC-based PancakeBunny hacked via a flash loan
mai 20 2021

BSC-based PancakeBunny hacked via a flash loan

DeFi protocol PancakeBunny, a yield aggregator on the Binance Smart Chain (BSC), got hacked on May 20 via a flash loan attack. The hacker drained appr. $45M from the platform, dumping the price of its token BUNNY -96%.

Attack modus operandi:

  1. The hacker used PancakeSwap to borrow a huge amount of BNB
  2. The hacker then went on to manipulate the price of USDT/BNB as well as BUNNY/BNB on the DEX
  3. The hacker ended up getting a huge amount of BUNNY through this flash loan
  4. The hacker then dumped all the BUNNY in the market, causing the BUNNY price to plummet
  5. The hacker paid back the BNB through PancakeSwap

PancakeSwap team has since elaborated a compensation program to the victims of the exploit.

Launched in September 2020, BSC has already suffered several exploits, among them Spartan protocol (flash loan attack, $30 M), Uranium Finance (bug exploit, $30 M) and Meercat Finance (exit scam, $31 M). Being criticized as not decentralized enough, BSC could thus attract hackers looking for protocol vulnerabilities.