The decentralized finance platform (DeFi) PancakeBunny Finance, which is based on the Binance Smart Chain protocol, was exploited this Wednesday, May 19. The “attack” caused losses of USD 45 million to the ecosystem. Pancake Bunny (BUNNY), ​​the platform’s token, went from worth USD 146 to USD 9 in less than an hour.

The perpetrator took advantage of a vulnerability to create million PancakeBunny (BUNNY) tokens and then sold almost all of them in exchange for Binance Coin (BNB). Although this did not affect the reserves directly, it did produce an abrupt decrease in the price of the token, so that it affected all its holders.

In the midst of all this, the platform had communicated in its Twitter account that had frozen all deposits – enabled again in the early hours of Friday, May 21 – and was working on a “repayment plan” for its users.

Subsequently, the team PancakeBunny announced in a publication on Medium the creation of a new pBunny token, which in 90 days can be exchanged for BUNNY. In addition, they reported that made changes to the platform code to prevent this type of attack in the future and that they will compensate for the surplus of the token in circulation through a « aggressive buyback strategy ‘, a possible token burn and other related tactics.

PancakeBunny is among the most popular DeFi, with a value locked on the platform totaling more than USD 1.5 billion, according to its official site. This figure would place it in the top 15 in this regard according to DeFipulse data.

How was the exploitation ?

Specifically, the maneuver was based on a bug that the platform had for the calculation of the creation of new Pancake Bunny tokens, which is used for governance in the protocol. Thus, according to The Block, this calculation depends on the value of the BNB – USDT (Tether) pool, which can be manipulated depending on the reserves of both cryptocurrencies.

The criminal took advantage this default using flash loans ( flash loans ) of up to 2.3 million BNB (close to USD 704 million) and 2.9 million USDT (equivalent to almost the same dollar amount, given that it is a stablecoin). In total, eight loans were requested: seven in PancakeSwap, a decentralized exchange, and one in ForTube Bank, another DeFi that provides this type of services.

With all this flow of funds, the author of the fraud manipulated the price of BNB in ​​the BNB – USDT pool by providing liquidity to it. Then, the specialist explains, he exchanged all the remaining BNB of the loans to manipulate the pool’s reserves, thereby creating seven million BUNNY tokens.

Finally, The attacker sold almost all the tokens created in exchange for BNB, which produced a near 100% drop in the value of the token. In the transactions, he also included a private note: « ArentFlashloansEaritating »(‘Aren’t flash loans irritating?’ Added to a pun on the term bunny —’rabbit’— , by the name of the platform).

Beyond the resounding fall, which even reached below USD 10, at the close of this note BUNNY was trading at USD 55.65, according to its own Web page. Likewise, its market capitalization amounts to USD 438 million.

With this fact, the DeFi adds a new attack to all those suffered in 2021. As CriptoNoticias reported at the end of April, in the first Four months of the year, the amount violated in this type of platform already totaled more than USD 41 million, although that figure continues to rise.

The post They exploit DeFi from Binance PancakeBunny and take $ 45 million appeared first on World Weekly News.