PancakeBunny hacker siphons $2.9M Ether in Tornado Cash

Three years after the PancakeBunny flash loan attack, the hacker moved $3 million in ETH through Tornado Cash.

Part of the stolen funds connected to PancakeBunny, a decentralized finance protocol on the Binance Smart Chain, was funneled through the privacy protocol Tornado Cash after three years of dormancy.

PancakeBunny suffered a flash loan attack in May 2021 and lost roughly 697,000 BUNNY and 114,000 BNB, which tanked the value of its BUNNY token by 95%.

e2034f75 9a88 4be6 9e3b d5d0f55ae4a7 e2034f75 9a88 4be6 9e3b d5d0f55ae4a7

Price drop in BUNNY/BNB trading pair following the initial attack: Poocoin.app

Aftermath of PancakeBunny hack
PancakeBunny, the decentralized finance (DeFi) yield farming aggregator, was unable to recover the stolen funds and eventually dissolved the protocol, transforming it into a decentralized autonomous organization (DAO).

Three years later, on July 7, a wallet address linked to the PancakeBunny hacker transferred 1,002 Ether of stolen funds to Tornado Cash to deter traceability.

e9293554 7c68 4cf2 a2fa 090437107728 e9293554 7c68 4cf2 a2fa 090437107728

Source: CertiK

Stolen funds on the move after many years
Based on current market prices, the hacker siphoned roughly $3 million in Ether. According to CertiK, the PancakeBunny exploiter currently holds $11.4 million of DAI

c1ab55b9 2743 4bd3 bad4 08890bdc96cf c1ab55b9 2743 4bd3 bad4 08890bdc96cf

Tracking Bunny Finance’s lost funds’ movement. Source: CertiK

Crypto security experts emphasize heavily the importance of preventive measures when it comes to protecting protocol hacks. In this effort, CertiK migrated its its suite of 12 blockchain applications in Asia to a cloud computing subsidiary of Chinese e-commerce giant Alibaba.

aa5c5b6c 0bf6 4a50 ba8a b69c0bc558da aa5c5b6c 0bf6 4a50 ba8a b69c0bc558da

CertiK’s existing suite of product offerings. Source: CertiK

Ronghui Gu, co-founder of CertiK said:

“For over five years, we have believed in the transformative power of blockchain technology. We look forward to empowering developers with secure blockchain development and deployment through Alibaba Cloud’s platform.”
The move allows developers expecting high resource demands during peak hours to use Alibaba Cloud’s additional computing, storage and distribution resources.

A CertiK investigation that backfired Blockchain security firm CertiK recently identified itself as the “security researcher” that cryptocurrency exchange Kraken claimed stole $3 million worth of digital assets.

Kraken chief security officer Nicholas Percoco claimed that an unnamed security team — not revealed to be CertiK at the time — had committed “extortion” by refusing to return any funds until the exchange agreed to provide “a speculated $ amount that this bug could have caused if they had not disclosed it.”

Leave a Reply

Your email address will not be published. Required fields are marked *

Chatbot AI D2
XX