Pancake Bunny, a DeFi yield optimizer project built on Binance Smart Chain, has supposedly suffered an exploit that resulted in roughly $45 million being drained from its smart contracts. The token price has dropped more than 97% in the aftermath while the community awaits an update from the team.
In a single transaction, an unknown user had drained BUNNY of roughly $46 million, exchanging the flash loan loot to BNB, Binance-pegged USDT, and other tokens via Pancakeswap.
Pancake Bunny is a BSC-based DeFi project led by Mound, a startup that raised $1.6 million from Binance Labs and a number of investors in April. The project helped BSC users maximize their yields across pools from AMMs like Pancakeswap. Users are to lock their tokens in Bunny’s smart contract to earn more CAKE, WBNB, and BUNNY tokens as rewards.
At its peak, the project had surpassed $10 billion in total value locked (TVL) but has struggled with boosting its token price as a result of excessive emissions. In its most recent update, the team announced it was planning a new approach to deal with the token’s emissions in the wake of the recent market volatility.Â
However, it would now seem that they have to deal with a problem beyond the price performance of the native token.
The team subsequently released an update detailing how the flash loan incident took place.
Attention Bunny Fam
Our project has suffered a flash loan attack from an outside exploiter.
We will be posting a post mortem and in-depth analysis, but for the time being we would like to update the community as to how this happened.
1⃣ The hacker used PancakeSwap to borrow a huge amount of BNB
2⃣ The hacker then went on to manipulate the price of USDT/BNB as well as BUNNY/BNB
3⃣ The hacker ended up getting a huge amount of BUNNY through this flash loan
— pancakebunny.finance (@PancakeBunnyFin) May 20, 2021
Your crypto deserves the best security. Get a Ledger hardware wallet for just $79!