
Two in Two... After Venus, Another Binance Smart Chain Protocol Got Exploited; PancakeBunny

@xabi


Evening

So, after yesterday's exploitation of the DeFi lending protocol Venus, which resulted in $200 million in asset liquidations, another Binance Smart Chain protocol, PancakeBunny, came under attack today, with hackers draining $45 million worth of funds.

The hackers exploited a bug in the part of the PancakeBunny protocol that calculates the minting of new bunny tokens. The minting of bunny is a function of the BNB-USDT liquidity pool price. The exploiters took 8 flash loans totaling about $707 million: 7 from PancakeSwap pools (2.3 million BNB worth $704 million) and one from ForTube Bank (2.9 million USDT worth $2.9 million).

A small part of the borrowed funds was then used to manipulate the price of the BNB-USDT pool. The remaining majority of the BNB was then swapped to manipulate the reserves in the pool, minting 7 million bunny tokens.

All the minted bunny tokens were then sold for BNB, causing the price of bunny to plunge from $151 to $11.8. Most of the BNB was used to pay back the loans, leaving the hackers with a spare $45 million worth of BNB, which was later swapped for Ethereum and transferred to an Ethereum address.
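The pricing weakness described above, as an added sketch that is not PancakeBunny's code: a mint amount computed from a pool's live reserves moves with any large swap, while a guard that compares the spot price against a time-weighted reference refuses to mint. The reward rate, reserves, price samples and 2% tolerance are constructed values, and swap fees are ignored.

```python
"""Constructed model: spot-priced minting vs. a reference-price guard."""
from dataclasses import dataclass

BUNNY_PER_USDT = 0.01  # hypothetical reward rate, not the protocol's real one

class PriceManipulated(Exception):
    """Raised when the pool's spot price is too far from the reference."""

@dataclass
class Pool:
    """Constant-product pool (bnb * usdt = k); swap fees ignored."""
    bnb: float
    usdt: float

    def spot_price(self) -> float:
        return self.usdt / self.bnb  # USDT per BNB, read from live reserves

    def swap_usdt_for_bnb(self, usdt_in: float) -> None:
        k = self.bnb * self.usdt
        self.usdt += usdt_in
        self.bnb = k / self.usdt  # reserves move, so the spot price moves

def twap(observations):
    """Time-weighted average of (timestamp, price) samples from earlier blocks."""
    pairs = zip(observations, observations[1:])
    total = sum(price * (t1 - t0) for (t0, price), (t1, _) in pairs)
    return total / (observations[-1][0] - observations[0][0])

def mint_from_spot(pool, bnb_earned):
    """Fragile: values the reward at whatever the pool reports this instant."""
    return bnb_earned * pool.spot_price() * BUNNY_PER_USDT

def price_is_sane(pool, reference_price, max_deviation=0.02):
    """True while spot stays within max_deviation of the reference price."""
    return abs(pool.spot_price() - reference_price) / reference_price <= max_deviation

def mint_guarded(pool, bnb_earned, reference_price):
    """Mint at the reference price, and only while the pool agrees with it."""
    if not price_is_sane(pool, reference_price):
        raise PriceManipulated("spot price deviates from reference; mint refused")
    return bnb_earned * reference_price * BUNNY_PER_USDT

def demo():
    pool = Pool(bnb=1_000.0, usdt=300_000.0)  # constructed reserves
    reference = twap([(0, 299.0), (3, 301.0), (6, 300.0), (9, 300.0)])
    honest = mint_guarded(pool, 10.0, reference)
    pool.swap_usdt_for_bnb(300_000.0)  # one oversized swap in the same block
    inflated = mint_from_spot(pool, 10.0)
    return reference, honest, inflated, price_is_sane(pool, reference)
```

In this model the same 10 BNB of earnings mints four times as many tokens through `mint_from_spot` after the swap, while `mint_guarded` raises `PriceManipulated` until the pool returns to the reference price.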

Bunny holders suffered heavy losses due to the price crash. As per PancakeBunny, they have been working on a reimbursement plan.

This is not the first time that a BSC-based protocol has been exploited. In April, Uranium Finance was drained of millions of dollars worth of Ethereum. Yesterday, Venus, a DeFi lending protocol, faced $200 million in liquidations due to token price manipulation.

All these rug pulls and hacks are giving a bad name to BSC, a platform that has pitched itself as a fast, scalable and cost-effective alternative to Ethereum. There are serious concerns about the security of BSC, with the chain using 21 randomly selected validators daily in comparison to the plethora of validators on Ethereum.

Given the recent BSC protocol exploits, it seems Cubdefi's cautious, slow and steady development, with all the audits and checks in place, is the right move. Better to be safe than sorry...

Fingers Crossed 🤞🤞🤞
