Dormant $2.9M from Pancake Bunny Hack moved to Tornado Cash

As a seasoned crypto investor with a fair share of experience in DeFi, I cannot help but be both awestruck and dismayed by the intricacies of the PancakeBunny saga. The potential for groundbreaking innovation within decentralized finance is truly astounding, yet the vulnerabilities that come with it are a constant reminder of the risks we undertake as investors.


In the dynamic realm of decentralized finance (DeFi), the tale of PancakeBunny stands out as a symbol of both ingenuity and risk. Previously hailed as an effective yield farming aggregator on the Binance Smart Chain, PancakeBunny endured a devastating setback in May 2021 when it was targeted by a flash loan assault.

Approximately 697,000 BUNNY and 114,000 BNB were stolen by the attackers, resulting in a drastic 95% decrease in the value of BUNNY tokens.

Despite our attempts to revive PancakeBunny, it eventually disintegrated and transformed into a Decentralized Autonomous Organization (DAO). However, the saga didn’t conclude there. Three years later, on July 7, 2024, an unexpected turn of events unfolded: funds linked to the initial hacker inexplicably moved.

The wallet address implicated in the attack transferred approximately 1,002 Ether (ETH), equivalent to more than $3 million, anonymously through the privacy tool Tornado Cash, with the intention of concealing the source of the funds.

#Alert from CertiKInsight ⚠️

— CertiK Alert (@CertiKAlert) July 8, 2024

As a crypto investor, I’ve learned that the aftermath of a hack can be quite significant. According to my trusted source, CertiK – a renowned blockchain security firm – has shed light on a recent incident where a hacker walked away with an impressive stash of $11.4 million in DAI. This underscores the far-reaching consequences that such breaches can have on both the affected protocols and us, the investors.

As a researcher studying the evolving landscape of Decentralized Finance (DeFi), I can’t help but acknowledge the increasing risk of hacks targeting these systems. In response to this growing threat, CertiK has taken a significant step forward by migrating their suite of blockchain applications to Alibaba Cloud. This strategic decision bolsters their defensive capabilities and enhances their ability to secure and manage DeFi deployments. By making this move, CertiK is not only strengthening its own position but also emphasizing the essential role proactive security measures play in shielding DeFi protocols from malicious actors.

Nicholas Percoco, Kraken’s Chief Security Officer, highlighted the intricacies of safeguarding blockchain technology, sharing an instance where a researcher from CertiK was allegedly threatened with extortion following the uncovering of weaknesses in Kraken’s infrastructure.

As a security analyst, I cannot stress enough the importance of staying informed and adaptive to the rapidly changing terrain of Decentralized Finance (DeFi). With the advancement of blockchain technology, the events surrounding PancakeBunny – its meteoric rise and subsequent fall – serve as valuable lessons for the future robustness of decentralized financial ecosystems.

Read More

2024-07-08 15:00