Hackers behind the 2021 PancakeBunny exploit have resurfaced. On July 7th, 2024, a wallet linked to the attackers transferred over $2.9 million worth of stolen Ether (ETH) through Tornado Cash, a cryptocurrency mixing service known for its ability to obfuscate transaction trails.
The PancakeBunny hack, which occurred in May 2021, targeted the Binance Smart Chain-based DeFi platform. Hackers employed a flash loan attack, a complex maneuver that exploits vulnerabilities in lending protocols to manipulate prices and siphon off funds. In this instance, the attackers absconded with roughly 697,000 BUNNY tokens and 114,000 BNB, causing a significant plunge in the value of PancakeBunny’s BUNNY token.
The recent transfer of stolen funds through Tornado Cash indicates the hackers’ intent to launder the money and complicate efforts to recover it. PancakeBunny, unable to recoup the losses, transitioned from a protocol to a decentralized autonomous organization (DAO) following the attack.
This incident underscores the persistent vulnerabilities plaguing DeFi platforms. While PancakeBunny has assured users they’re investigating the matter, the stolen funds remain unrecovered. The use of Tornado Cash further complicates retrieval efforts, highlighting the challenges of regulating cryptocurrency transactions.
Law enforcement agencies and regulatory bodies are likely to scrutinize this latest development. This could potentially lead to stricter measures to bolster DeFi platform security and enhance transparency within the cryptocurrency ecosystem.