An attacker used a flash loan to exploit the Binance Smart Chain yield aggregator Bunny Finance earlier this morning. They dumped BUNNY tokens on the market, causing prices to plummet by 96%.
Another Exploit on Binance Smart Chain
A malicious actor targeted Bunny Finance’s BUNNY token early Thursday with a type of economic attack involving flash loans. The attacker executed a flash loan to buy large amounts of BUNNY before selling it on the market. While no vaults of the yield aggregator were compromised, the price of BUNNY tokens fell 96%.
Flash loans are a type of innovation pioneered by Aave. They allow anyone to borrow an unlimited supply of funds without providing any collateral as long as they pay back the sum in the same transaction. They’ve been a subject of debate due to the role they’ve played in many attacks. Flash loans initially gained pace in DeFi but have recently taken off on Binance Smart Chain’s centralized “CeDeFi” network.
In this instance, the attacker used PancakeSwap to borrow a large amount of BNB, which they then used to manipulate the price of BUNNY. They received a large amount of BUNNY, as the equilibrium of the pool changed when BNB was added. They then sold the BUNNY to the market and paid back the BNB. It’s estimated that the attack was worth around $200 million. A paper trail of their transactions can be viewed via BscScan.
The price of BUNNY first rose when the attacker added BNB to the pool, then suddenly dropped when they sold the tokens on PancakeSwap. The anonymous team behind Bunny has promised a reimbursement plan, and withdrawals are being frozen while the team assesses the damage.
Bunny Finance is one of the most popular projects on Binance Smart Chain, but this morning’s attack is yet another blow for Binance’s hopes of competing with Ethereum. The platform has suffered a lot of criticism recently after Meerkat Finance was exploited by its own developers and more than $50 million worth of funds were stolen from Uranium Finance. Only yesterday, further problems arose when Venus Finance users were hit by $200 million worth of liquidations.
Is Binance Smart Chain Safe?
Binance Smart Chain has offered a cheaper alternative to Ethereum for DeFi-related activities in the last few months. The low cost of using the network is part of what’s attracted many yield farmers to the network, driving the price of BNB to new highs. It’s now the third biggest cryptocurrency by market cap, behind only Bitcoin and Ethereum.
However, with so many attacks and exploits appearing on the Ethereum clone, there are reasons to worry about the health of the blockchain itself.
Several Binance Smart Chain users have reported that bridges between the network and other chains were closed after the Venus Finance attack, while others have suggested that the network could be frozen for as little as $100,000/hour. In a Twitter thread discussing the recent issues, one user called CryptoUltron said that the network was “constantly forking uncontrollably” with forked blocks appearing for every new block committed to the chain.
I run a BSC node. The network is constantly forking uncontrollably. For every block that is part of the main chain, there are around 5 uncles (forked blocks). Several validators are running sub-par hardware and cannot keep up with the rest of the network.
— Crypto Ultron (@ProofOfBags) May 20, 2021
Binance Smart Chain uses bigger blocks than Ethereum mainnet, which means that the costs get divided between more transactions. This doesn’t come without issues, though, as the bigger blocksize options can lead to complications, as was extensively discussed during the Bitcoin blocksize wars. While the chain is still functioning, there are good reasons to stay prudent when using Binance Smart Chain for the timebeing.
Disclaimer: The author held BTC, ETH, and several other cryptocurrencies at the time of writing.