Flashloan Exploit On Binance’s PancakeBunny Leads to $45 Million USD Drained
An economic exploit against PancakeBunny’s decentralised finance (DeFi) protocol on Wednesday saw the attacker drain $45 million USD from the ecosystem.
How Did The Attack Happen?
According to the post-mortem analysis of the attack published by Bunny:
- The exploiter staged (and exited) the attack using PancakeSwap (PCS).
- By exploiting a difference in PCS pricing, the hacker intentionally manipulated the price of USDT/BNB and Bunny/BNB, acquiring a huge amount of Bunny through the use of Flash Loans.
- The exploiter dumped all the Bunny in the market (Ethereum), causing the price of Bunny to plummet.
- The exploiter then exited the attack by paying back the remaining BNB (by having exploited the price difference from before) on PCS.
Flash loans allow anyone to borrow an unlimited supply of funds without providing any collateral as long as they pay back the sum in the same transaction.
The attack pumped the price of BUNNY from $150 to $240 before it plummeted to $0 in just 30 minutes. No vaults were compromised in the event; the main issue was the driven-down price, which affected all investors.
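The price move described above can be reproduced on paper. The following is an added example, not code from the Bunny post-mortem or from PancakeSwap: a constant-product pool sketch showing how far one large same-transaction swap moves the spot price, and a guard that a protocol reading that price could apply. The reserves, the 0.25% fee, the 5% threshold and all function names are constructed assumptions.

```python
from dataclasses import dataclass

FEE = 0.0025  # swap fee used for this sketch (assumption)

@dataclass
class Pool:
    """Constant-product (x*y=k) pool, the pricing model PancakeSwap-style AMMs use."""
    token: float  # reserve of the priced token
    quote: float  # reserve of the asset it is priced in

    def spot_price(self) -> float:
        return self.quote / self.token

    def buy_token(self, quote_in: float) -> float:
        """Swap quote asset in, return tokens out; reserves move with the trade."""
        eff = quote_in * (1 - FEE)
        out = self.token * eff / (self.quote + eff)
        self.quote += quote_in
        self.token -= out
        return out

    def sell_token(self, token_in: float) -> float:
        """Swap tokens in, return quote asset out."""
        eff = token_in * (1 - FEE)
        out = self.quote * eff / (self.token + eff)
        self.token += token_in
        self.quote -= out
        return out

def within_tolerance(spot: float, reference: float, max_dev: float = 0.05) -> bool:
    """Guard for a price consumer: accept spot only if it is close to a reference
    recorded before the current transaction (hypothetical 5% threshold)."""
    return abs(spot - reference) / reference <= max_dev

def simulate(loan: float) -> dict:
    pool = Pool(token=10_000.0, quote=1_500_000.0)  # constructed reserves, spot = 150
    reference = pool.spot_price()
    bought = pool.buy_token(loan)        # borrowed funds pushed through the pool
    moved = pool.spot_price()            # what a naive spot-price read now sees
    unwound = pool.sell_token(bought)    # position closed in the same transaction
    return {"reference": reference, "moved": moved,
            "accepted": within_tolerance(moved, reference),
            "round_trip_shortfall": loan - unwound}

if __name__ == "__main__":
    for loan in (1_000.0, 400_000.0):
        print(loan, simulate(loan))
```

The round trip through the pool always comes back short by the fees, so moving the price alone cannot repay the loan; the risk sits with any contract that values assets at the moved spot price, which is where the guard belongs.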
Moreover, we are committed to providing a solution by which we can restore the value lost by our community and restore their confidence in the project.
Bunny Finance
Increased Attacks On DeFi
In April, crypto data aggregator Messari reported that flash loans had become the most popular attack vector in the DeFi ecosystem, accounting for roughly half of the $285 million worth of DeFi exploits identified on the Ethereum DeFi market since 2019.
Attacks on other DeFi protocols: