A DeFi project based on Binance Smart Chain has suffered a flash loan attack — causing the value of its native token to plummet.
Pancake Bunny said the hacker involved had used the decentralized exchange PancakeSwap to borrow a huge amount of Binance Coin — and then manipulated the price of BNB’s trading pairs against USDT and BUNNY.
As a result, “the hacker ended up getting a huge amount of BUNNY through this flash loan.”
According to the embattled project, the malicious actor then dumped all the BUNNY in the market. Charts suggest this caused the token’s value to surge from $140 to $240 within a matter of minutes — and then a crash of more than 95% meant it was worth mere cents.
DeFi Protocol in Crisis
In regular updates on Twitter, Pancake Bunny has stressed that none of its vaults have been compromised. Developers have also confirmed that they have determined the nature of the exploit and how it occurred, and are now working on a reimbursement plan. Withdrawals and deposits have been frozen until security measures are ramped up.
It is believed that the hacker managed to take 697,000 BUNNY and 114,000 BNB. Crypto researcher dev.eth wrote on Twitter:
“Token went from $140 to $240 then to $0. Huge blow, over $200M in assets gone.”
PancakeBunny is a yield farming aggregator, and Binance Smart Chain has become an increasingly popular destination for DeFi protocols trying to sidestep the high transaction fees currently seen on the Ethereum network.
Last month, Messari reported that more than $284 million as a result of DeFi hacks since 2019 — and on average, $11.9 million is lost in each incident.
Flash loan attacks, like the one suffered by PancakeBunny, are one of the most common vulnerabilities — alongside flaws in smart contracts, exit scams and the manipulation of price oracles.