Two in Two... After Venus, Another Binance Smart Chain Protocol Got Exploited; PancakeBunny


Evening

So after yesterday's exploitation of the DeFi lending protocol Venus, which resulted in $200 million in asset liquidations, another Binance Smart Chain protocol, PancakeBunny, came under attack today, with hackers draining $45 million worth.

The hackers exploited a bug in the part of the PancakeBunny protocol that calculates the minting of new bunny tokens. The amount of bunny minted is a function of the BNB-USDT liquidity pool price. The exploiters took 8 flash loans totaling about $707 million: 7 from PancakeSwap pools (2.3 million BNB worth $704 million) and one from ForTube Bank (2.9 million USDT worth $2.9 million).

A small part of the borrowed funds was then used to manipulate the price of the BNB-USDT pool. The remaining majority of the BNB was then swapped to manipulate the reserves in the pool, minting 7 million bunny tokens.

All the minted bunny tokens were then sold for BNB, causing the price of bunny to plunge from $151 to $11.8. Most of the BNB was used to pay back the loans, leaving the hackers with a spare $45 million worth of BNB, which was later swapped for Ethereum and transferred to an Ethereum address.
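A simplified model of the mechanism described above, added here as an illustration and not PancakeBunny's contract code: a reward rule that values a fee at a constant-product pool's instantaneous price, next to a guarded variant that refuses to mint when that price strays from a reference price. The pool reserves, `BUNNY_PRICE_USDT`, the function names and the 2% threshold are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Pool:
    """Constant-product pool (bnb * usdt = k); swap fees ignored."""
    bnb: float
    usdt: float

    def spot_price(self) -> float:
        return self.usdt / self.bnb  # USDT per BNB at this instant

    def swap_usdt_for_bnb(self, usdt_in: float) -> float:
        k = self.bnb * self.usdt
        self.usdt += usdt_in
        bnb_out = self.bnb - k / self.usdt
        self.bnb -= bnb_out
        return bnb_out

BUNNY_PRICE_USDT = 150.0  # constructed value, not taken from the protocol

def naive_mint(pool: Pool, fee_bnb: float) -> float:
    """Hypothetical reward rule: value a BNB fee at the pool's spot price."""
    return fee_bnb * pool.spot_price() / BUNNY_PRICE_USDT

def guarded_mint(pool: Pool, fee_bnb: float, ref_price: float,
                 max_dev: float = 0.02) -> float:
    """Same rule, but reject the mint when spot strays from a reference
    price (e.g. a time-weighted average) and value the fee at the reference."""
    spot = pool.spot_price()
    if abs(spot - ref_price) / ref_price > max_dev:
        raise ValueError(f"spot {spot:.2f} deviates from reference {ref_price:.2f}")
    return fee_bnb * ref_price / BUNNY_PRICE_USDT

def demo() -> dict:
    pool = Pool(bnb=1_000_000.0, usdt=300_000_000.0)  # constructed reserves
    ref = pool.spot_price()                 # 300 USDT/BNB before any swap
    before = naive_mint(pool, fee_bnb=100.0)
    pool.swap_usdt_for_bnb(300_000_000.0)   # one large swap inside a single transaction
    after = naive_mint(pool, fee_bnb=100.0)
    try:
        guarded_mint(pool, 100.0, ref_price=ref)
        blocked = False
    except ValueError:
        blocked = True
    return {"before": before, "after": after,
            "inflation": after / before, "blocked": blocked}

if __name__ == "__main__":
    print(demo())
```

In this model a single swap that doubles the pool's USDT reserve quadruples the spot price, so the naive rule mints four times as many tokens for the same fee, while the guarded rule rejects the call.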


Bunny holders suffered heavy losses due to the price crash. As per PancakeBunny, they have been working on a reimbursement plan.


This is not the first time that a BSC-based protocol has been exploited. In April, Uranium Finance got drained of millions of dollars' worth of Ethereum. Yesterday, Venus, a DeFi lending protocol, faced $200 million in liquidations due to token price manipulation.

All these rug pulls and hacks are giving a bad name to BSC, a platform that has pitched itself as a fast, scalable and cost-effective alternative to Ethereum. There are serious concerns about the security of BSC, with the chain using 21 randomly selected validators daily in comparison to the plethora of validators on Ethereum.

With the recent BSC protocol exploitations, it seems Cubdefi's cautious, slow and steady development, with all the audits and checks in place, is the right move. Better to be safe than sorry...

Fingers Crossed 🤞🤞🤞


Posted Using LeoFinance Beta



5 comments

It looks like PancakeBunny's Haechi audit didn't count for much. Hope there are no such bugs or vulnerabilities lurking on cub.


Posted via proofofbrain.io


Let's just hope so... And meanwhile Cubdefi needs to be on constant guard.

Posted Using LeoFinance Beta


I'm not sure how much these audits protect us. Many of these hacks seem to be done on defi that has had audits.

The small number of validators does seem to be a problem. Not just from the hacks' point of view but from the congestion issues as well.

PancakeBunny must be making millions themselves if they can cough up that amount to reimburse people.

Posted Using LeoFinance Beta


To me there seems to be an issue with these flash loans (which require no collateral but are repaid in the same smart contract, from what I understood).

From the description of the exploit, this isn't a hack of the smart contract code, this is an exploit using the flash loans, which are used to manipulate the price of the tokens. So it's a market manipulation using borrowed funds with no collateral.

Posted Using LeoFinance Beta
