BSC DeFi app ‘Pancakebunny’ releases post-mortem of $2.4 million exploit

In last week’s attack on the Polygon (MATIC) and QuickSwap (QUICK) version of the Binance Smart Chain (BSC) yield farming protocol PancakeBunny, 2.1 million PolyBunny (polyBUNNY) tokens were minted, resulting in an 82% price plunge from $10 prior to the exploit, to just over $2 post the initial damage.

In the aftermath of the recent decentralized finance (DeFi) exploit, the PancakeBunny (BUNNY) team published a post mortem and compensation plan as it revised its protocols to ensure more security. 

Flash loan attack

PolyBunny, a yield farming protocol running on the Polygon network and QuickSwap decentralized exchange (DEX) based on Ethereum (ETH), got exploited for $2.4 million on July 16.

Chronologically, the attacker made a small deposit ( roughly $19,203) in one of the Bunny Vaults, while at the same time, made a massive deposit (roughly $47,990,975) directly to SushiSwap, and by calling the “withdrawAll” function executed the attack with the amount deposited to SushiSwap as interest.

By successfully manipulating the oracle to increase the interest, the inflated performance fee resulted in minting roughly 2.1 million PolyBunny tokens to the attacker, who at that point repaid Aave’s flash loan and exited the attack with about 1,281 Ethereum, according to the official post mortem.

1⃣ Attacker borrowed extremely large number of tokens
2⃣ Deposited small amount in SushiSwap USDC-USDT Pool
3⃣ Directly deposited in <minichef> to get high interest
4⃣ Manipulated oracle to increase the interest
5⃣ Minted polyBUNNY

— pancakebunny.finance (@PancakeBunnyFin) July 16, 2021

Aftermath

While the protocol confirmed its Polygon and BSC vaults as the SushiSwap contract was safe, it reassured that it will compensate those holding the protocol’s native tokens at the time of the attack. 

“Team Bunny will distribute a total of $2.4 million in MND tokens as total compensation to polyBUNNY holders. This amount corresponds to the amount that was exploited by the attacker.”

MND is not a protocol token minted over time but a fixed-volume utility token associated with the Mound Vault that collects and distributes the proceeds of the ecosystem’s expansion.

Following the exploit, the team announced it has “revised its protocols to maximize security for the launch of new products,” while publishing details on the Qubit lending protocol launch process and the Mound (MND) Vault update.

In light of the recent exploit, Team Bunny has revised its protocols to maximize security for the launch of new products.

Please visit the link below for more details on the revised Qubit launch process and an update on our Mound (MND) Vault.https://t.co/E9qWs69j2Q

— pancakebunny.finance (@PancakeBunnyFin) July 19, 2021

The protocol’s native token PolyBunny fell 85% from its all-time high of $22.9 on July 7, according to Coingecko. 

Binance Smart Chain version, the  PancakeBunny token, is currently trading at $13.22 as its price dropped 29% in the past seven days. 

Even though according to the team “BSC BUNNY has in no way been affected” in this particular exploit, roughly two months ago, CryptoSlate reported that PancakeBunny suffered a similar but more damaging flash loan attack.

Mentioned in this article

Pancake Bunny Polygon QuickSwap

Ad

WorkML.ai: Real World Data Annotation Hub Empowers AI with Crypto

Ad

CryptoSlate on X x.com/cryptoslate

Follow us on X for instant crypto news and insights updates.

Join 50k followers

Ad

Latest Polygon Stories

Top 4 accounting firm turns to Ethereum for blockchain-based business contracts

Adoption 2 days ago

OCM is designed to facilitate the secure handling of business contracts on a public blockchain, ensuring privacy by utilizing zero-knowledge proofs to maintain contract integrity and confidentiality.

Lens memecoins are built different – Bonsai becomes first genuine community token

Op-Ed 2 weeks ago

Bonsai soared in the past few weeks through genuine utility and social commerce on Lens.

Rivalries among Ethereum layer-2s threaten the ecosystem’s future, says Polygon CEO

Crypto 2 weeks ago

Ethereum's layer-2 networks face criticism for harming rather than helping themselves.

Coinbase to store more of its $220 million USDC holdings on Base

Crypto 3 weeks ago

As of press time, the exchange only holds 17% of its USDC on Base.

You might also enjoy...

Pancake Bunny token plummets by 90% after $40 million flash loan attack

Hacks 3 years ago

Binance Smart Chain sounds alarm over ‘well-organized’ DeFi attacks

DeFi 3 years ago

Data shows Polygon (MATIC) has reversed PancakeSwap’s (CAKE) rise

Analysis 3 years ago

Latest Alpha Market Report

Available exclusively via

Dial H for Halving: Unpacking the technicalities of Bitcoin’s halving

Andjela Radmilac · 4 days ago

CryptoSlate's latest market report dives deep into the Bitcoin halvings, exploring its technical underpinnings, the historical context of previous halvings, and their long-term impacts on the network.

Latest Press Releases

View All

Merlin Chain Launches MERL: A Major Leap Forward in Bitcoin Layer 2 Solutions

News Desk 11 hours ago

Telos Partners with Ponos Technology to Develop Hardware-Accelerated Ethereum L2 zkEVM Network

Chainwire 12 hours ago

Gate.io Introduces Quant Fund – A New Era of Wealth Management for Digital Assets

News Desk 13 hours ago