A flash loan attack caused PancakeBunny’s (BUNNY) price to drop by over 95 percent on May 20. It’s the latest attack that has exploited vulnerabilities on the Binance Smart Chain (BSC) using flash loans. On May 16, bEarn.Fi, a cross-chain farming protocol, suffered an exploit, which resulted in the loss of almost $11 million.
PancakeBunny's flash loan attack
According to BUNNY’s “post mortem” analysis report, the hacker initially used PancakeSwap, a decentralized finance (DeFi) and yield farming platform based on the BSC, to take out an enormous flash loan in Binance Coin (BNB).
The attacker used these funds to manipulate prices in USDT/BNB and BUNNY/BNB trading pairs and bought “a huge amount” of BUNNY, which caused the price to jump slightly from $150 to $240. The attacker released the tokens out onto the market, which caused the price to drop to almost zero in a matter of 30 minutes. After the operation was complete, the attacker paid back the flash loans.
Flash loan attacks are becoming more common.
Ethereum lending platform Aave created the idea of flash loans in 2020. Because they are new and still have many issues to work out, they're susceptible to hacks and malicious activity. According to Aave’s whitepapers on the subject, “There is no real-world analogy to Flash Loans.”
Although flash loans are relatively new, there has already been a long list of attacks and each of them looks slightly different.
In the case of the bEarn.Fi flash loan attack, the hacker briefly raised the price of the altcoin being used to repay the loan. The borrower was able to fool the lender into thinking that they repaid the flash loan in full when they hadn't.
While flash loans seem like an extremely risky feature, they still provide much more honest benefits to crypto investors. Investors are able to take advantage of flash loans' speed to capitalize on substantial gains without having to risk their own money. This is helpful to jump on a crypto trend before it’s too late.
Bunny has recovered slightly, but it's still reeling from the attack.
Late on May 20, the price of BUNNY had risen to around $46. However, it’s still about $100 lower than it was before the attack. PancakeBunny assured users that none of its vaults had been compromised. By the amounts that the attacker stole and the extreme drop in value, investors have reason to be upset.
The flash loan attack helped the hacker steal an estimated 700,000 BUNNY tokens and 114,000 BNB worth a whopping $200 million at prices at the time. BNB prices have also declined since the attack, with a 25 percent drop to $290 from a pre-attack price of $386. However, BNB has since rallied to a price of nearly $400.