Three years after the infamous Pancake Bunny flash loan attack, the hacker responsible has moved $3 million worth of Ether (ETH) through the privacy protocol Tornado Cash. This marks a significant development in the case, where stolen funds connected to Pancake Bunny, a decentralized finance protocol on the BNB Smart Chain, were funneled after years of inactivity.
The 2021 Flash Loan Attack
In May 2021, Pancake Bunny suffered a devastating flash loan attack, resulting in the loss of approximately 697,000 BUNNY tokens and 114,000 BNB. This incident caused a massive 95% drop in the value of the BUNNY token, severely impacting the protocol.
Aftermath of the Attack
Following the attack, Pancake Bunny was unable to recover the stolen funds. This led to the dissolution of the protocol, which was then transformed into a decentralized autonomous organization (DAO).
Recent Movement of Stolen Funds
On July 7, a wallet address linked to the Pancake Bunny hacker transferred 1,002 Ether, roughly $3 million at current market prices, to Tornado Cash to obfuscate the trail of the funds. According to blockchain security firm CertiK, the Pancake Bunny exploiter still holds around $11.4 million in Dai (DAI).
Also Read: PancakeSwap to Launch Version 4 for Enhanced Trading Efficiency
Emphasis on Preventive Measures
Crypto security experts have highlighted the importance of preventive measures in protecting against protocol hacks. CertiK, a leading blockchain security firm, has taken steps to enhance security by migrating its suite of 12 blockchain applications in Asia to Alibaba Cloud, a subsidiary of the Chinese e-commerce giant Alibaba.
CertiK stated, “For over five years, we have believed in the transformative power of blockchain technology. We look forward to empowering developers with secure blockchain development and deployment through Alibaba Cloud’s platform.” This move is expected to provide developers with additional computing, storage, and distribution resources, particularly during peak demand hours.
In a related development, CertiK recently identified itself as the “security researcher” involved in a controversy with cryptocurrency exchange Kraken. Kraken’s chief security officer, Nicholas Percoco, had previously accused an unnamed security team of “extortion” for allegedly refusing to return $3 million worth of digital assets unless the exchange agreed to pay a speculative amount for a bug disclosure. This team was later revealed to be CertiK.
