Three years after the notorious Pancake Bunny flash loan attack, the hacker responsible has moved $3 million worth of Ether through Tornado Cash. The Pancake Bunny protocol, a decentralized finance (DeFi) platform on the BNB Smart Chain, was exploited in May 2021, leading to significant financial losses and the eventual dissolution of the protocol.
The 2021 Attack and Its Aftermath
In May 2021, Pancake Bunny suffered a devastating flash loan attack, resulting in the theft of approximately 697,000 BUNNY tokens and 114,000 BNB. The attack caused the value of the BUNNY token to plummet by 95%. Despite efforts, Pancake Bunny was unable to recover the stolen funds. Consequently, the protocol was transformed into a decentralized autonomous organization (DAO).
Price drop in BUNNY/BNB trading pair following the initial attack: Poocoin.app
Recent Developments
On July 7, a wallet address associated with the Pancake Bunny hacker transferred 1,002 Ether of the stolen funds to Tornado Cash, a privacy protocol designed to obfuscate the origins of cryptocurrency transactions. At current market prices, this transfer amounts to roughly $3 million. According to blockchain security firm CertiK, the hacker still holds approximately $11.4 million in Dai.
Security Measures and Challenges
The movement of the stolen funds highlights ongoing challenges in securing DeFi protocols and the importance of preventive measures. CertiK, in its commitment to blockchain security, has migrated its suite of 12 blockchain applications in Asia to Alibaba Cloud, a subsidiary of Chinese e-commerce giant Alibaba. This move aims to enhance the security and scalability of blockchain applications.
Source: CertiK
CertiK co-founder Ronghui Gu emphasized the importance of secure blockchain development, stating, “For over five years, we have believed in the transformative power of blockchain technology. We look forward to empowering developers with secure blockchain development and deployment through Alibaba Cloud’s platform.”
Investigations and Controversies
In a related development, CertiK was recently identified as the “security researcher” involved in a controversy with cryptocurrency exchange Kraken. Kraken’s chief security officer, Nicholas Percoco, accused an unnamed security team of “extortion” for refusing to return $3 million worth of digital assets until the exchange agreed to a financial demand. This security team was later revealed to be CertiK.
Tracking Pancake Bunny’s lost funds. Source: CertiK
The Pancake Bunny incident and subsequent events underscore the ongoing risks and complexities in the DeFi space, highlighting the need for robust security measures and transparent practices.
