New Victim: PancakeBunny Falls By 95% after Fresh Flash Loan Attack
Pancake Bunny, one of the largest players in the Defi industry, is the most recent victim of flash loan attacks. The team confirmed the attack via its official Twitter handle on Thursday while reassuring users that there has been no compromise.
What Is a Flash Loan?
Flash loans have made the headlines time and again as a tool for exploiting vulnerable DeFi protocols. A flash loan is mostly used by traders who want to make profit from the arbitrage market when two markets are pricing cryptocurrencies differently.
Flash loans are instant and are facilitated through smart contracts, with no requirements of collateral.
Taking Advantage of Vulnerabilities
Various DeFi protocols like Binance Smart Chain and bZx have been victims of these attacks in the past. Barely three weeks after Binance Smart Chain lost $30 million to a similar hack, PancakeBunny joins the list of victims. Few hours ago, a hacker carted away 700,000 BUNNY tokens, worth about 114, 000 BNB tokens ($200 million USD) after successfully manipulating its price.
PancakeBunny moved to swiftly reassure its users that no vaults were broken into, but this hardly changes the fact that a huge sum was stolen by other means.
It's not clear what vulnerabilities in the DeFi protocol the hacker exploited to short change Pancake Bunny. Nevertheless, an update from the team confirms that weaknesses did exist:
“We have determined the nature of the exploit and how it occurred. Additionally, we are working on a reimbursement plan. Withdrawals and deposits will be frozen temporarily until we increase security."
It is understood that the hacker initiated a PancakeSwap process to borrow a huge amount of BNB. While the transaction was ongoing, the hacker manipulated USDT/BNB rates and BUNNY/BNB rates. After successfully manipulating the prices, the hacker went ahead to dump all the BUNNY tokens they had accrued, making the market crash before repaying the loan.
Since the attack, both BNB and BUNNY prices have taken a major hit. Considering the market was on a general decline while the attack was being carried out, BNB fell by 25% once the hack was completed. BUNNY certainly took the most damage, losing 95 percent of its value before the hack. The BUNNY token, which was previously priced at $170, fell to $9.30 post attack.
Now at press time, PancakeBunny trades at $28.05, 81 percent down from its previous closing price.