Latest victim of an attack on Binance Smart Chain sent a shock through the network as all funds are reported safe and only the price was affected.
PancakeHunny’s Second Exploit in a Year
PancakeHunny, a Decentralized Finance (DeFi) protocol on Binance Smart Chain (BSC), suffered a flash loan attack that targeted the Hunny TUSD Vault.
The exploit is still fresh and being analyzed. However, the attack was highlighted by PeckShield in its tweet detailing how the attack took place.
PeckShield took to Twitter to sound the alarm on a flash loan attack:
@PancakeHunny was exploited in a flurry of 32 txs (one hack tx: ) to mint huge amount of $HUNNY, leading to the gain of 388 BNB and 1.7M TUSD (with roughly $1.9M) for the hacker.
This attack is the second setback the platform suffered after its Hunny Minter Smart Contract was exploited on June 3 this year. In response to the current exploit, the team prepared a Preliminary Incident Report, published on its Medium, identifying the exploit to a smart contract that was executed 26 times involving 50 different wallet addresses.
How the Attack was Orchestrated
In the preliminary report by PancakeHunny, the attack was carried in the following sequence: –
1. Obtained a 53.25 BTC flash loan from Cream Finance
2. Used the loan to get a 2,717,107 TUSD loan from Venus
3. Manipulated the price of BNB/TUSD Pool on PancakeSwap
4. Use 50 different wallet addresses to deposit 38,250 TUSD into HUNNY TUSD Vault
5. Redeemed 2842.16 TUSD and minted 12,020.40 HUNNY
6. Sold the minted HUNNY for 7.78 WBNB
7. Steps repeated for 50 wallets 26 times
PeckShield also detailed how the initial funds were channeled through Typhoon Network and Tornado Cash, and resulting gains were tunneled via CelerNetwork, Anyswap, and Synapse Protocol.
Moving Forward
The team gave assurance to its community that a more detailed plan will be announced within 24 hours to prevent the aftereffects of price manipulation of Liquidity Pools (LP). It also assured its community that all funds are safe and the exploit only affected the HUNNY token price.
PancakeHunny’s smart contracts are audited by Certik, one of the leading blockchain security companies in the industry, yet it fell victim to such an exploit. Such vulnerabilities remain as the Achilles heel to the DeFi industry. Lucrative bug-bounty programs can be an effective solution to complement a compulsory audit process.
BSC News will be attentive to any updates in the exploit and will be ready to inform the BSC community. Don’t forget to download the BSC News mobile application on iOS and Android to keep up with all the latest news for Binance Smart Chain and crypto!
Source : bsc.news
Founded in 2020, BSCNews is the leading media platform covering decentralized finance (DeFi) on the Binance Smart Chain (BSC). We cover a wide range of blockchain news revolving mainly around the DeFi sector of the crypto markets. BSCNews aims to inform, educate and share information with the global investment community through our website, social media, newsletters, podcasts, research, and live ask me anything (AMA). Our content reaches hundreds of thousands of global investors who are active in the BSC DeFi space.
BSC NEWS is a private news network. All posts posted by this user belong 100% to bsc.news All rights are reserved to BSC NEWS for more information about BSC NEWS contact BSC NEWS HERE.