PancakeBunny Finance, a decentralized finance (DeFi) protocol based on the Binance Smart Chain, was exploited late Wednesday and lost $45 million from its ecosystem.
The attacker used an exploit to mint millions of Bunny tokens and sold most of them for BNB, making liquidity providers scarce. While this didn't directly affect the protocol's vaults, it did lower the price of the Bunny token, which affected all holders.
How the attack came about
The exploit was possible because, according to Igor Igamberdiev of The Block Research, PancakeBunny had a bug in the protocol in how it calculated the number of new Bunny tokens to be minted. Bunny (BUNNY) is the protocol's native governance token.
The calculation function for minting new tokens depended on the price of the BNB-USDT pool. If the ratio of that pool's BNB or USDT reserves were higher, the pool's price would fall, and vice versa. In other words, the price of this pool could be manipulated through the reserves of BNB and USDT.
The exploit took advantage of this flaw by using flash loans. The attacker took eight flash loans, seven from PancakeSwap pools and one from ForTube Bank, a DeFi loan protocol. The attacker borrowed 2.3 million BNB (valued at $704 million) and 2.9 million USDT ($2.9 million) for a total of nearly $707 million.
These flash loans were then used to manipulate BNB's price in the BNB-USDT pool. The attacker used a small portion of the BNB and USDT from the flash loans to provide this pool with liquidity.
They then swapped all the remaining BNB tokens from the flash loans in the pool in order to manipulate the pool's reserves, minting 7 million Bunny tokens in the process.
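The reserve-dependent pricing described above, as an added illustration that is not from the original article or from PancakeBunny's code: a constructed, fee-less constant-product pool shows how far a single large swap moves a price read directly from reserves, and how a mint-price function that compares the spot price with a time-weighted average (TWAP, a common mitigation) refuses to use it. The pool sizes, the 5% tolerance and all names are assumptions.

```python
from dataclasses import dataclass, field

MAX_DEVIATION = 0.05  # assumed tolerance between spot and TWAP (hypothetical)

@dataclass
class Pool:
    """Constructed fee-less constant-product pool (bnb * usdt = k)."""
    bnb: float
    usdt: float
    observations: list = field(default_factory=list)  # (timestamp, price)

    def spot_price(self) -> float:
        # USDT per BNB, derived only from the current reserves
        return self.usdt / self.bnb

    def record(self, ts: int) -> None:
        self.observations.append((ts, self.spot_price()))

    def swap_bnb_in(self, amount: float) -> float:
        # Add BNB, pay out USDT so that the product of reserves is unchanged
        k = self.bnb * self.usdt
        self.bnb += amount
        out = self.usdt - k / self.bnb
        self.usdt -= out
        return out

    def twap(self, now: int) -> float:
        # Each recorded price is weighted by how long it stayed in effect
        ends = [t for t, _ in self.observations[1:]] + [now]
        weighted = sum(p * (t1 - t0) for (t0, p), t1 in zip(self.observations, ends))
        elapsed = now - self.observations[0][0]
        return weighted / elapsed if elapsed > 0 else self.observations[-1][1]

def price_for_mint(pool: Pool, now: int) -> float:
    """Return the TWAP, refusing when the spot price has drifted from it."""
    spot, ref = pool.spot_price(), pool.twap(now)
    if abs(spot - ref) / ref > MAX_DEVIATION:
        raise ValueError("spot price deviates from TWAP; refusing to mint")
    return ref

def demo():
    pool = Pool(bnb=1_000.0, usdt=300_000.0)  # constructed reserves
    for ts in (0, 60, 120):                   # three earlier blocks
        pool.record(ts)
    before = pool.spot_price()
    pool.swap_bnb_in(9_000.0)                 # one large swap inside block 120
    after = pool.spot_price()
    try:
        price_for_mint(pool, now=120)
        rejected = False
    except ValueError:
        rejected = True
    return before, after, rejected
```

A price change made inside the current block has no elapsed time behind it, so it carries no weight in the average until later blocks are recorded.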
The attacker then sold most of the minted Bunny tokens for BNB, causing Bunny's price to drop almost 100%. The token fell from $146 to $0.9 after the attack. At the time of writing, Bunny is trading at around $28, according to CoinGecko.
The drop in price means that Bunny holders have suffered losses due to the exploit. The PancakeBunny protocol tweeted that it was "working on a reimbursement plan."
The exploiter pocketed $45 million. They exchanged the minted Bunny for BNB. Then they used most of the BNB to repay the eight flash loans. The remaining Bunny and BNB were the attacker's profit.
The attacker then exchanged part of the BNB over the Nerve Finance bridge for the anyETH token and transferred it to an Ethereum address. At the time of writing, there is $41.4 million in the attacker's Ethereum address and $4 million in their Binance Smart Chain address.
© 2021 The Block Crypto, Inc. All rights reserved. This article is for informational purposes only. It is not offered or used as legal, tax, investment, financial or other advice.