The stolen funds associated with Pancake Bunny, a decentralized finance protocol on the BNB Smart Chain, were recently channeled through the privacy protocol Tornado Cash after being dormant for three years.
In May 2021, Pancake Bunny fell victim to a flash loan attack, resulting in the loss of approximately 697,000 BUNNY tokens and 114,000 BNB. This caused the value of the BUNNY token to plummet by 95%.
Despite efforts to recover the stolen funds, Pancake Bunny was unsuccessful and ultimately decided to dissolve the protocol and transform it into a decentralized autonomous organization (DAO).
Three years later, on July 7, the wallet address connected to the Pancake Bunny hacker moved 1,002 Ether of the stolen funds to Tornado Cash in order to avoid detection.
According to CertiK, the hacker has siphoned around $3 million in Ether and currently holds $11.4 million worth of Dai.
Experts in crypto security stress the importance of taking preventive measures to protect against protocol hacks. In line with this, CertiK migrated its suite of 12 blockchain applications in Asia to a cloud computing subsidiary of Alibaba.
Ronghui Gu, co-founder of CertiK, explained that this move enables developers to access additional computing, storage, and distribution resources from Alibaba Cloud during peak hours.
In a recent incident, CertiK found itself at the center of controversy when it was accused by Kraken, a cryptocurrency exchange, of stealing $3 million worth of digital assets. However, CertiK later revealed itself as the “security researcher” mentioned in the accusation.
As crypto investors continue to exploit decentralized autonomous organizations (DAOs), lessons are being learned by projects like Nouns and Aragon to better protect against such raids.