As users debate whether Ethereum or Binance Smart Chain is better, the latter saw another decentralized protocol being exploited. PancakeHunny on BSC was attacked by a flashloan, and this was not the protocol’s first attack.
Peckshield Inc., a blockchain security and data analytics company, announced the attack on Twitter.
The team noted the creation of a smart contract to exploit the Hunny Minter Smart Contract in June, which was the last time this protocol was exploited. According to the team, the contract was then executed 91 times.
This time, the team took a long time to respond to the hack, but they assured users that their funds were safe. In a preliminary report, the team stated,
“On 20 October 2021, at 0920 UTC. A smart contract was created to exploit the Hunny TUSD vault. The Contract was subsequently executed 26 times.”
PeckShield elaborated on the same point, saying,
“@PancakeHunny was exploited in a flurry of 32 txs (one hack tx: https://bscscan.com/tx/0x1b698231965b72f64d55c561634600b087154f71bc73fc775622a45112a94a77) to mint huge amount of $HUNNY, leading to the gain of 388 BNB and 1.7M TUSD (with roughly $1.9M) for the hacker.”
According to the agency, this hack was made possible by a profit inflation bug that converts a small amount of harvested ALPACA into a large amount of TUSD for staking. PeckShield continued,
“These converted TUSDs are then counted as profit, now inflated to mint large amount of $HUNNY!”
Efforts made by the team
The PancakeHunny team has halted the TUSD vault minting process while ensuring that all funds in Hives are SAFE. The exploit had no effect on other Hives or Vaults, only on the price of HUNNY.
They also stated that the problem has been identified, and that the team will shift its focus to higher liquidity pools in order to avoid the consequences of LP pool price manipulation.