In a significant development, the exploiter behind the PancakeBunny flash loan attack, which shook the decentralized finance (DeFi) community in May 2021, has resurfaced. After a prolonged dormancy, the hacker transferred $2.9 million worth of Ether (ETH) using the privacy-centric protocol Tornado Cash.
Revisiting the PancakeBunny Hack
In May 2021, PancakeBunny, a prominent DeFi protocol on the Binance Smart Chain, fell victim to a devastating flash loan attack. The hacker exploited vulnerabilities within PancakeSwap to borrow a massive amount of Binance Coin (BNB). Subsequently, they manipulated the prices of BUNNY and BNB pairs, causing BUNNY’s value to plummet by 95%, from $150 to near zero in just half an hour.
The attack, which resulted in the loss of approximately 697,000 BUNNY tokens and 114,000 BNB tokens, severely impacted PancakeBunny’s market position and led to its eventual dissolution as a protocol and transition to a decentralized autonomous organization (DAO). Following the attack, the hacker’s wallet has remained dormant, until a recent resurgence of activity.
Three years after the infamous PancakeBunny hack, the hacker’s wallet sprang back to life on July 7, transferring 1,002 ETH, valued at approximately $2.9 million, to Tornado Cash. The hacker is using Tornado Cash to obscure the origin and destination of the transferred ETH. This privacy protocol effectively shields transactions, complicating efforts to trace and recover the stolen funds. The hacker is expected to initiate selling ETH in the near future, and still holds $11.4m in DAI.
Tornado Cash is facing accusations of aiding illicit activities. Law enforcers in several jurisdictions allege that the protocol has been used to launder billions of shillings, including $275 million stolen from KuCoin by the North Korean government.
In May, Alexey Pertsev, cofounder of Tornado Cash, was convicted of money laundering by a Dutch court and sentenced to 64 months in prison. These developments highlight concerns about the potential misuse of privacy-focused protocols in facilitating criminal activities within the cryptocurrency industry.
Rise In Cryptocurrency Exploits
The cryptocurrency sector has experienced a troubling surge in exploits and thefts. Blockchain research firm TRM Labs reported that in the first half of 2024, global losses from crypto theft amounted to over $1.38 billion. This figure represents more than a double increase compared to the previous year’s total for the same period, highlighting a growing trend of cybercriminals targeting digital assets.
According to CertiK’s June report, the cryptocurrency sector faced substantial losses totaling approximately $198.3 million due to exploits, hacks, and scams, with only about $1.3 million recovered. This figure marks the second-highest monthly loss recorded in 2024. The breakdown includes approximately $4.8 million from exit scams, around $23.5 million from flash loans, and a significant $171.3 million from exploits.
Disclaimer: Coinspeaker is committed to providing unbiased and transparent reporting. This article aims to deliver accurate and timely information but should not be taken as financial or investment advice. Since market conditions can change rapidly, we encourage you to verify information on your own and consult with a professional before making any decisions based on this content.
Leon is a seasoned blockchain writer and reporter, dedicated to uncovering the stories behind decentralized technologies. He excels in providing in-depth analysis and thought leadership in blockchain media. His reporting sparks meaningful conversations and fosters a deeper understanding of the transformative potential of blockchain.