BSC-based PancakeBunny hacked via a flash loan
DeFi protocol PancakeBunny, a yield aggregator on the Binance Smart Chain (BSC), got hacked on May 20 via a flash loan attack. The hacker drained appr. $45M from the platform, dumping the price of its token BUNNY -96%.
Attack modus operandi:
- The hacker used PancakeSwap to borrow a huge amount of BNB
- The hacker then went on to manipulate the price of USDT/BNB as well as BUNNY/BNB on the DEX
- The hacker ended up getting a huge amount of BUNNY through this flash loan
- The hacker then dumped all the BUNNY in the market, causing the BUNNY price to plummet
- The hacker paid back the BNB through PancakeSwap
PancakeSwap team has since elaborated a compensation program to the victims of the exploit.
Launched in September 2020, BSC has already suffered several exploits, among them Spartan protocol (flash loan attack, $30 M), Uranium Finance (bug exploit, $30 M) and Meercat Finance (exit scam, $31 M). Being criticized as not decentralized enough, BSC could thus attract hackers looking for protocol vulnerabilities.
