In a startling development, the infamous hacker behind the Pancake Bunny flash loan attack in May 2021 has resurfaced after three years, transferring approximately $3 million worth of Ether (ETH) through the privacy-focused protocol Tornado Cash. The stolen funds, originating from the decentralized finance protocol Pancake Bunny on the Binance Smart Chain, had remained dormant until recently, when they were strategically moved to avoid detection.
Flash Loan Attack and Aftermath
The Pancake Bunny protocol fell victim to a devastating flash loan attack two years ago, resulting in the loss of nearly 697,000 BUNNY tokens and 114,000 BNB. This significant breach caused the value of BUNNY tokens to plummet by a staggering 95%. Despite efforts, Pancake Bunny was unable to recover the stolen assets and eventually transformed into a decentralized autonomous organization (DAO).
Recent Movement of Stolen Funds
On July 7, funds linked to the Pancake Bunny hacker were observed flowing into Tornado Cash, a tool designed to provide anonymity for cryptocurrency transactions. This maneuver, which involved transferring 1,002 ETH, aims to obscure the origin of the funds and evade tracking efforts. According to Jason Jiang from CertiK, a blockchain security firm involved in tracking such incidents, the longer funds remain in Tornado Cash and are withdrawn in small, regular amounts, the harder it becomes to trace them back to their source.
Current Status and Market Impact
At current market prices, the hacker has successfully moved approximately $3 million worth of Ether. CertiK’s investigation also revealed that the hacker currently holds $11.4 million worth of Dai, underscoring the scale and complexity of the security breach.
Importance of Security Measures
Security experts emphasize the critical need for robust preventive measures to safeguard decentralized finance protocols from such breaches. CertiK, for instance, has taken proactive steps by migrating its suite of blockchain applications to Alibaba Cloud, enhancing security and scalability through advanced computing and storage resources.
CertiK’s Role in Security
Recently, CertiK found itself in the spotlight after being implicated in a controversy with cryptocurrency exchange Kraken. The exchange accused CertiK of extortion following the discovery of a vulnerability, highlighting the complexities and ethical considerations in the realm of blockchain security.
Conclusion
The incident involving Pancake Bunny serves as a stark reminder of the ongoing security challenges facing decentralized finance platforms. As hackers become more sophisticated, the industry must remain vigilant and proactive in implementing robust security measures to protect user funds and maintain trust within the ecosystem.
