Raised $ 200 million through PancakeBunny

The DeFi protocol PancakeBunny has become the target of a flash loan attack. $ 200 million was withdrawn via the DeFi protocol. The BUNNY token is in free fall after the attack.

Of all the coins that it knocked to the ground yesterday, one is particularly bad: PancakeBunny (BUNNY). The native token of the DeFi protocol of the same name has fallen by over 80 percent compared to the previous day. BUNNY is currently trading at $ 28, falling to a fraction of the recent record high of $ 553. However, the massive slump in sales that brought the entire crypto market to its knees was less responsible for the dramatic drop in prices. In the midst of the biggest crash in over a year, the yield aggregator was the target of a flash loan attack that pushed the BUNNY price from $ 150 to $ 11 in a matter of minutes.

How do flash loans work?

Flash loans are a birth of the DeFi ecosystem and are basically lending deals where investors repay the borrowed funds in the same transaction. Sounds strange, but it offers some advantages, especially for traders who take advantage of price differences at different trading venues, keyword: crypto arbitrage. The complex transactions are handled within a smart contract: funds are borrowed, used and then paid back.

Users do not have to deposit any collateral, i.e. security, as is normally the case with loan transactions on DeFi platforms such as MakerDAO. In this case, one speaks of unsecured loans. Since the borrowed funds are returned in the same transaction, the procedure for the lender is like a zero-sum game.

With the necessary know-how, however, borrowers can fill their wallet properly in a short time with the help of flash loans. For example, a certain amount can be borrowed, with which, for example, tokens can be bought on one exchange at a comparatively low price in order to sell them on another exchange at a higher price. The borrower then pays back the borrowed amount with interest and reaps the profit. If the borrowed amount does not go back in time, the transactions will be interrupted and the lender will get his money back.

Attack on PancakeBunny

Since the transaction does not materialize if the borrower cannot cover the borrowed amount, flash loans are comparatively risk-free and also enable small investors to trade large amounts of money. But as innovative as the financial instruments are, they also open the door to market manipulation. The problem: Because of a lack of liquidity, decentralized exchanges are particularly susceptible to price manipulation. If a large amount moves into tokens with a low market capitalization in a short period of time, the prices skyrocket. With the overpriced tokens, you can make the big mess on other platforms.

It is precisely this attack vector that a shrewd investor at PancakeBunny took advantage of. The exact process cannot yet be completely reconstructed, but the fact is that the attacker borrowed a considerable amount of BNB via Flash Loan via the Binance smart chain exchange PancakeSwap and then used the exchange rates for the value pairs USDT / BNB and BUNNY / BNB to manipulate. After driving the price up, he sold all of the BUNNY tokens before repaying the loan. The course went to the ground in a short time after the pump. For the attacker, on the other hand, it was a profitable business. He is said to have made around 200 million US dollars as a result. PancakeBunny has stopped and due to withdrawals explainedthat users’ deposits are safe.

As annoying as the incident is, especially for BUNNY investors, the attackers are legally operating in a gray area. It is true that such an attack takes a good deal of criminal energy. But instead of hacking and rewriting the smart contract, flash loan attacks mercilessly exploit the predetermined breaking point of decentralized exchanges: price oracles. These supply DeFi protocols with course data. However, if the smart contracts only obtain their data from centralized price oracles, they are extremely susceptible to such manipulations. Decentralized price oracle solutions such as those from Chainlink are therefore becoming more and more important.