Coming soon

← Back to the graveyard
PancakeBunny logo

PancakeBunny

Hacked

DeFi · $BUNNY · ✝ 2021

A flash loan minted billions of BUNNY and crashed the token.

PancakeBunny was a BSC yield-aggregator that was hit in May 2021 by a flash-loan price-oracle attack costing roughly $45M. The attacker manipulated pool prices to mint a flood of BUNNY tokens, dumping them and collapsing the price.

Peak
~$45M stolen
Cause
Hacked
Year of death
2021

☠️ Cause of death

Flash loans skewed the LP prices the protocol used to calculate rewards, letting the attacker mint and dump enormous quantities of BUNNY.

📓 Lessons left behind

  • Never price rewards from instantly manipulable spot pools.
  • Use manipulation-resistant, time-weighted oracles.
  • Flash loans turn any pricing weakness into a drain.

🌱 The idea that survived

TWAP reward pricing

Pushed yield aggregators toward time-weighted, multi-source pricing for reward minting.

#defi#flash-loan#oracle