PancakeHunny Suffers Flash Loan Attack and Cataclysmic Price Drop

Latest victim of an attack on Binance Smart Chain sent a shock through the network as all funds are reported safe and only the price was affected.

PancakeHunny’s Second Exploit in a Year

PancakeHunny, a Decentralized Finance (DeFi) protocol on Binance Smart Chain (BSC), suffered a flash loan attack that targeted the Hunny TUSD Vault. 

The exploit is still fresh and being analyzed. However, the attack was highlighted by PeckShield in its tweet detailing how the attack took place. 

PeckShield took to Twitter to sound the alarm on a flash loan attack:

@PancakeHunny was exploited in a flurry of 32 txs (one hack tx: ) to mint huge amount of $HUNNY, leading to the gain of 388 BNB and 1.7M TUSD (with roughly $1.9M) for the hacker.

This attack is the second setback the platform suffered after its Hunny Minter Smart Contract was exploited on June 3 this year. In response to the current exploit, the team prepared a Preliminary Incident Report, published on its Medium, identifying the exploit to a smart contract that was executed 26 times involving 50 different wallet addresses. 

Source: The team halted the minting process in the TUSD Vault to prevent any further exploit 

How the Attack was Orchestrated

In the preliminary report by PancakeHunny, the attack was carried in the following sequence: –

1. Obtained a 53.25 BTC flash loan from Cream Finance

2. Used the loan to get a 2,717,107 TUSD loan from Venus

3. Manipulated the price of BNB/TUSD Pool on PancakeSwap

4. Use 50 different wallet addresses to deposit 38,250 TUSD into HUNNY TUSD Vault

5. Redeemed 2842.16 TUSD and minted 12,020.40 HUNNY

6. Sold the minted HUNNY for 7.78 WBNB

7. Steps repeated for 50 wallets 26 times

PeckShield also detailed how the initial funds were channeled through Typhoon Network and Tornado Cash, and resulting gains were tunneled via CelerNetworkAnyswap, and Synapse Protocol

Source: The price of the HUNNY token took a nosedive and plummeted approximately 50% as a result of the exploit  

Moving Forward

The team gave assurance to its community that a more detailed plan will be announced within 24 hours to prevent the aftereffects of price manipulation of Liquidity Pools (LP). It also assured its community that all funds are safe and the exploit only affected the HUNNY token price. 

PancakeHunny’s smart contracts are audited by Certik, one of the leading blockchain security companies in the industry, yet it fell victim to such an exploit. Such vulnerabilities remain as the Achilles heel to the DeFi industry. Lucrative bug-bounty programs can be an effective solution to complement a compulsory audit process.

BSC News will be attentive to any updates in the exploit and will be ready to inform the BSC community. Don’t forget to download the BSC News mobile application on iOS and Android to keep up with all the latest news for Binance Smart Chain and crypto!

Source :

Leave a Reply

Your email address will not be published. Required fields are marked *