PancakeBunny Attacked With Massive $200M Flash Loan Exploit

Share Article
In Brief
  • Hacker drains BUNNY/BNB pool.

  • Flash loans used to attack another BSC protocol.

  • BUNNY price dumps 95% below $10.

  • promo

    Stake your points and qualify for the 200,000 USDT prize pool. Start staking now!

The Trust Project is an international consortium of news organizations building standards of transparency.

The latest victim in the wave of flash loan attacks targeting the decentralized finance (DeFi) industry is one of its largest players — PancakeBunny.



Binance Smart Chain (BSC) and DeFi protocols have been the target of the majority of attacks and hacks in recent months, and most of those have exploited vulnerabilities using flash loans.

An attacker made off with around $200 million from the BSC exchange after manipulating its price. The team tweeted on May 20 to confirm that there was no smart contract hack or vault compromise but more of an “economic exploit:”



“We would like to remind the community that no vaults have been compromised. The exploit was an economic exploit that attacked the price of BUNNY, using flash loans. We repeat, no vaults have been breached.”

The attacker made off with an estimated 700,000 BUNNY tokens and 114,000 BNB worth a whopping $200 million at prices at the time.

Price Manipulation

PancakeBunny reiterated that none of the vaults had been exploited but that is of little consolation since a massive amount was stolen by other means.

It explained that the hacker used PancakeSwap to borrow a huge amount of BNB before going on to manipulate the price of USDT/BNB as well as BUNNY/BNB. The team did not mention exactly how this price manipulation occurred though no doubt it will be revealed in a full post mortem at a later stage.

Once the price had been pumped, the attacker dumped all of the BUNNY tokens he had accrued back onto the market, causing it to crash, before repaying the BNB flash loan.

Flash loans have become the weapon of choice for attackers as they allow large sums to be withdrawn, used for nefarious purposes, and repaid all within the same transaction.

The latest update from PancakeBunny stated:

“We have determined the nature of the exploit and how it occurred. Additionally, we are working on a reimbursement plan. Withdrawals and deposits will be frozen temporarily until we increase security.”

BUNNY price dumps 95%

As if things weren’t bad enough on bleeding crypto markets, the BUNNY token has collapsed in the wake of the attack.

BUNNY was trading as high as $170 before the attack according to CoinGecko, and it has now dumped around 95% to $9.30.

BNB prices have also suffered with a 25% slide on the day to $340 following a post attack dump to $300.


All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.
Share Article

Martin has been covering the latest developments on cyber security and infotech for two decades. He has previous trading experience and has been actively covering the blockchain and crypto industry since 2017.

Follow Author

Limited offer! Learn to mine and trade crypto today for free


Earn up to $10,000 USD every week in CoinFLEX AMM+ Arena!

Earn Now

Be our Supreme Scorer and qualify for a grand prize pool of 200,000 USDT!