Decentralized protocol PancakeHunny came under attack with instant credit on October 20 and lost 388 BNB and 1.7 million TUSD (around $1.9 million). PeckShield Inc., a blockchain security company, was the first to report on the attack.
According to the company experts, the hacker carried out 32 transactions to create a huge amount of HUNNY coins. They explained:
“The hack was made possible by a profit inflation error, which converts a relatively small amount farmed by ALPACA into a large number of TUSDs for staking. These converted TUSDs are then counted as profit and used to create a huge amount of HUNNY coins.”
Subsequently, the hacker passed funds through the Typhoon Network and Tornado Cash mixers, as well as the Anyswap, Celer Network and Synapse Protocol protocols. In the end, they were exchanged for Ethereum.
After the attack, the price of the HUNNY token has dropped by more than 60% and is currently trading at $0.1179.
Later, the developers of PancakeHunny confirmed the attack. They assured all user funds are safe, and the exploit only affected the price of HUNNY.
According to them, the hacker created a smart contract for the HUNNY TUSD storage exploit, which was subsequently executed 26 times.