Part of the stolen funds connected to PancakeBunny, a decentralised finance protocol on the Binance Smart Chain, was funneled through the privacy protocol Tornado Cash after three years of dormancy.
PancakeBunny suffered a flash loan attack in May 2021. The attack led to the loss of roughly 697,000 BUNNY and 114,000 BNB. This event tanked the value of its BUNNY token by 95%. PancakeBunny, the decentralised finance (DeFi) yield farming aggregator, was unable to recover the stolen funds. Eventually, the protocol dissolved, transforming into a decentralised autonomous organisation (DAO).
Three years later, on July 7, a wallet address linked to the PancakeBunny hacker transferred 1,002 Ether (ETH) of stolen funds to Tornado Cash to deter traceability. Based on current market prices, the hacker siphoned roughly $3 million in Ether. According to CertiK, the PancakeBunny exploiter currently holds $11.4 million of DAI.
Crypto security experts emphasise the importance of preventive measures when protecting protocol hacks. CertiK migrated its suite of 12 blockchain applications in Asia to a cloud computing subsidiary of Chinese e-commerce giant Alibaba. The move allows developers expecting high resource demands during peak hours to use Alibaba Cloud’s additional computing, storage, and distribution resources.
Blockchain security firm CertiK recently identified itself as the “security researcher” that cryptocurrency exchange Kraken claimed stole $3 million worth of digital assets. Kraken’s chief security officer Nicholas Percoco claimed that an unnamed security team had committed “extortion” by refusing to return any funds until the exchange agreed to provide “a speculated amount that this bug could have caused if they had not disclosed it.”
The hacker’s recent activity and the ongoing security issues highlight the need for improved measures in the DeFi space. Preventive steps are vital to avoid future attacks and protect investor assets. The crypto community continues to monitor the situation closely, hoping for a resolution and better security practices.