On May 20, PancakeBunny, the largest yield aggregator ("machine gun pool") on BSC, was hacked. A large amount of PancakeBunny's token, BUNNY, worth about $1 billion, was minted in a short period of time and then dumped on the market by the hackers, sending the BUNNY price down by more than 90%. The attack did not directly steal funds from users on the platform, but it indirectly caused user losses through the plummeting price of BUNNY, especially for those who had previously bought BUNNY at a high price.
This follows yesterday's incident, in which Venus, the largest lending platform on BSC, was hit by malicious borrowing that resulted in $200 million in bad debts. With two of BSC's "generals" badly wounded two days in a row, people are worried about the future of BSC. Is this a coincidence or an organized attack?
BSC’s largest machine gun pool was attacked, and the token instantly “went to zero”
At 6:34pm Beijing time on May 20, PancakeBunny was hit by an attack that exploited an economic vulnerability, causing the price of BUNNY to plummet. It quickly fell from $200 to $4, almost to zero.
The explanation PancakeBunny gave afterwards is that the hackers used PancakeSwap to borrow a large amount of BNB and then manipulated the prices of USDT/BNB and BUNNY/BNB. The hackers eventually obtained a large amount of BUNNY through flash loans and then sold it for profit. According to the team, the funds on the PancakeBunny platform are safe. The Bunny team is currently working on a solution and will provide a report as soon as possible.
Subsequently, the blockchain security companies CertiK, PeckShield, and SlowMist all published their analyses of the incident.
SlowMist's analysis is the most detailed and requires a strong technical background to understand. The key point is that the price calculation for the WBNB-BUNNY LP token is flawed, and the amount of BUNNY minted depends on this flawed LP price. This allowed the attacker to use flash loans to manipulate the WBNB-BUNNY pool, drive up the price of the LP token, and thereby mint a large number of BUNNY tokens.
PeckShield's analysis shows that the hackers withdrew a large amount of WBNB from eight PancakeSwap pools and another 2.96 million USDT from ForTube Bank. The 2.96 million USDT and 7,886 WBNB were then deposited into the WBNB-BUSDT pool to obtain 144,400 LP tokens. Next, 2.32 million WBNB were exchanged for 3.83 million BUSDT through the same WBNB-BUSDT pool, so that the pool held a sufficiently large reserve of WBNB, which affects the valuation of the pool token. Finally, with the LP tokens valued higher, the hacker received a reward of 6.97 million BUNNY (worth about $1 billion). Notably, the PancakeBunny development team received 1.05 million BUNNY. In the end, the hacker repaid the entire loan.
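The valuation flaw described in the SlowMist and PeckShield analyses above can be reproduced with a toy constant-product pool. This is an added example, not PancakeBunny's contract code: the pool sizes, the prices, the simplified `naive_lp_value` formula and the `mint_guard` check are all constructed assumptions. It compares a reserve-based LP valuation with a swap-invariant "fair" valuation that a minting contract could check against.

```python
from math import sqrt

class Pool:
    """Toy constant-product pool (x * y = k), fees ignored. Constructed numbers."""
    def __init__(self, wbnb, busdt, lp_supply):
        self.wbnb, self.busdt, self.lp_supply = wbnb, busdt, lp_supply

    def swap_wbnb_in(self, amount):
        """Sell WBNB into the pool; returns the BUSDT paid out."""
        k = self.wbnb * self.busdt
        self.wbnb += amount
        out = self.busdt - k / self.wbnb
        self.busdt -= out
        return out

def naive_lp_value(pool, lp_amount, wbnb_usd):
    # Weak pattern (assumed simplification): value the LP share as twice its
    # share of the current WBNB reserve. One large swap moves this reserve.
    return 2 * pool.wbnb * wbnb_usd * lp_amount / pool.lp_supply

def fair_lp_value(pool, lp_amount, wbnb_usd, busdt_usd):
    # Hardened pattern: 2 * sqrt(k) * sqrt(p0 * p1) / supply. A swap leaves k
    # unchanged, so in-block reserve manipulation does not move the result.
    k = pool.wbnb * pool.busdt
    return 2 * sqrt(k) * sqrt(wbnb_usd * busdt_usd) * lp_amount / pool.lp_supply

def mint_guard(pool, lp_amount, wbnb_usd, busdt_usd, tolerance=0.02):
    """Hypothetical pre-mint check: refuse when the two valuations diverge."""
    naive = naive_lp_value(pool, lp_amount, wbnb_usd)
    fair = fair_lp_value(pool, lp_amount, wbnb_usd, busdt_usd)
    return abs(naive - fair) <= tolerance * fair

def demo():
    wbnb_usd, busdt_usd, lp_amount = 400.0, 1.0, 1_000.0  # external oracle prices
    pool = Pool(wbnb=10_000.0, busdt=4_000_000.0, lp_supply=200_000.0)
    rows = []
    for label, swap in (("balanced", 0.0), ("after large WBNB swap", 90_000.0)):
        if swap:
            pool.swap_wbnb_in(swap)
        rows.append((label,
                     naive_lp_value(pool, lp_amount, wbnb_usd),
                     fair_lp_value(pool, lp_amount, wbnb_usd, busdt_usd),
                     mint_guard(pool, lp_amount, wbnb_usd, busdt_usd)))
    return rows

if __name__ == "__main__":
    for label, naive, fair, ok in demo():
        print(f"{label:24s} naive=${naive:>10,.0f} fair=${fair:>10,.0f} mint_allowed={ok}")
```

In the balanced pool both valuations agree; after the large one-sided swap the reserve-based value is ten times the fair value, and the guard refuses the mint.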
CertiK, for its part, provided a streamlined flowchart of the attack.
As you can see, the hackers took 697,200 BUNNY and 114,600 BNB from this attack. They then converted some of the assets to ETH via 1inch and converted them to ETH via the AnySwap bridge.
Cut or plunge?
It is reported that before the hack the total number of BUNNY was about 1.5 million, and after the hack it exceeded 9.6 million, equivalent to a 5-fold increase in production overnight. With the total market cap unchanged, the price of BUNNY should be 1/6 of the original, i.e. $25.
However, as panic spread, the price was at one point smashed down to $1.
A community vlogger reminded group members that after Bunny was attacked, the team issued an announcement advising people not to take the plunge and saying that a snapshot might be required. According to the vlogger, once the snapshot is taken the existing BUNNY is worthless, and members were advised to get out, because in similar past cases the old coin went to zero after the snapshot. The official wording is: "We will be using a timestamp of the time of attack for reimbursement purposes." This sentence means that users will be compensated according to the moment of the attack. It does not say directly whether the compensation will be paid by issuing a new coin or in the old coin, nor does it say that the old coin will be zeroed out after the snapshot.
Subsequently, the BUNNY price rebounded sharply, and investors who had sold at a loss in the panic cried out. The BUNNY price is now back up to over $30.
Two days painful loss of two generals, where will BSC go?
BSC has been experiencing a lot of security incidents lately. On May 5 and 8, the DeFi protocol ValueDeFi was attacked twice, with losses of more than $20 million. On May 16, the cross-chain smart revenue protocol bEarn Fi was hacked, with losses of $11 million.
Yesterday, BSC's largest lending platform was hit by malicious borrowing, causing over $200 million in bad debt to the platform. Today, BSC's largest machine gun pool was hacked to issue additional tokens, jacking up $40 million.
If the previous attacks were minor, the fact that the two "big brothers" on BSC were breached one after another makes people ask: what exactly is the problem?
The largest lending platform and the largest machine gun pool have both fallen, and if the largest DEX platform, PancakeSwap, runs into trouble as well, the fate of the entire BSC will be shaken by the storm.
Posted by: CoinYuppie. Reprinted with attribution to: https://coinyuppie.com/largest-machine-gun-pool-hacked-where-will-bsc-go-after-back-to-back-blasts/