Bitcoin

PancakeBunny Hacker Steals $2.9 Million in Ether from Tornado Cash

adminJuly 8, 2024

Some of the stolen funds associated with PancakeBunny, a decentralized finance protocol on Binance Smart Chain, were leaked via Tornado Cash, a privacy protocol, after lying dormant for three years.

PancakeBunny suffered a flash loan attack in May 2021, losing approximately 697,000 BUNNY and 114,000 Binance Coins (BNB), which caused the value of the BUNNY token to plummet by 95%.

Price drop in BUNNY/BNB trading pair after initial attack: Pucoin.App

The aftermath of the PancakeBunny hack

PancakeBunny, a decentralized finance (DeFi) yield farming aggregator, was unable to recover stolen funds and eventually disbanded its protocol and transitioned to a decentralized autonomous organization (DAO).

On July 7, three years later, the stolen funds of 1,002 ETH were transferred to Tornado Cash from a wallet address linked to the Pancake Bunny hacker to prevent traceability.

Source: CertiK

Money stolen while on the move after years

Based on the current market price, the hacker has stolen approximately $3 million worth of Ether. According to CertiK, the PancakeBunny explorer currently holds $11.4 million worth of DAI (DAI).

Tracking the movement of Bunny Finance’s lost funds. Source: CertiK

Related: CertiK Urges Security Enhancements as Crypto Losses to Reach $1.19 Billion in H1 2024

Crypto security experts strongly emphasize the importance of preventive measures in protecting against protocol hacks. As part of this effort, CertiK has moved its 12 blockchain application suites in Asia to the cloud computing subsidiary of Chinese e-commerce giant Alibaba.

CertiK’s existing product line. Source: CertiK

Ronghui Gu, co-founder of CertiK, said:

“For more than five years, we have believed in the transformative power of blockchain technology. We look forward to providing developers with secure blockchain development and deployment through Alibaba Cloud’s platform.”

These measures will allow developers who expect high resource demands during peak usage hours to leverage Alibaba Cloud’s additional compute, storage, and deployment resources.

The CertiK investigation backfired. Blockchain security firm CertiK recently revealed that they were the “security researchers” who allegedly stole $3 million worth of digital assets from cryptocurrency exchange Kraken.

Kraken’s chief security officer, Nicholas Percoco, claimed that the anonymous security team (not yet identified as CertiK at the time) committed “extortion” by refusing to return the funds until the exchange agreed to provide the amount that would have been incurred if the exchange had not disclosed “the estimated amount that this bug could have cost.”

magazine: ‘Radar’ Investors Are Looting the DAO – Nouns and Aragon Share Lessons Learned