10:36:00 PM +UTC — Unusual increase in Bunny price detected. (Reported by Operations Team)
10:45:10 PM +UTC — In order to whitewash / launder the extorted WBNB from the exploit, 114,631BNB was sent to the following address: 0x158c244b62058330f2c328c720b072d8db2c612f
11:18:10 PM +UTC — Officially confirmed as a Flash Loan attack. Paused all deposits/withdrawals to the Vault in order to prevent further attacks.
11:59:55 PM +UTC — From the same address above, about 488,071.8989395982 BUNNY was swapped for about 9,161.3295578776BNB, where a portion of it (327.2930347138 BNB) was further swapped for about 43.2463201179 ETH on PCS via 1inch contract(0x11111112542d85b3ef69ae05771c2dccff4faa26)
1. Exploiter secured the funds on PancakeSwap (PCS) to stage and carry out the flash loan attack (hereafter termed “flashed”, the whole sequence was done within one, single transaction)
Flashed 1,051,687 WBNB to PCS CAKE/BNB
Flashed 522,524 WBNB to PCS BUSD/BNB
Flashed 210,158 WBNB to PCS ETH/BNB
Flashed 133,504 WBNB to PCS BTCB/BNB
Flashed 241,021 WBNB to PCS SAFEMOON/BNB
Flashed 98,189 WBNB to PCS BELT/BNB
Flashed 66,290 WBNB to PCS DOT/BNB
Flashed 2,961,750 USDT to ForTube
2. Exploiter minted 144,445 LP by pairing 7,744BNB and 2,961,750 USDT (from the previous stage, on ForTube) on the PancakeSwap V2 USDT/BNB pool (directly minted using Pair contract).
3. Swapped 2,315,631 WBNB to 3,826,047 USDT on the PancakeSwap V1 USDT/BNB pool (thereby exploiting the pricing on Version 1 of the PancakeSwap USDT/BNB).
4. Recalled minted Bunny using getReward. Here, the minted 144,445 LP from step 2) were transferred to BunnyMinter.
5. By using removeLiquidity on all 144,445 LP tokens, exploiter generated 2,961,750 USDT + 7,744 WBNB (as per pair contract) and, in the process of swap on V1 of PancakeSwap BUNNY/BNB with the exploited price from stage 3, resulting in the issuing of 105,257 BUNNY/BNB tokens using 10,836 BUNNY and 1,156,330 WBNB.
6. With the newly created BUNNY/BNB from stage 5, BNB Value was calculated to around 2,324,152 BNB and, as a result, issuing 6,972,455 BUNNY
7. From the 6,972,455 BUNNY, the following happened: -4,880,718 BUNNY exchanged as 2,384,754 BNB on PCS V1 BUNNY/BNB pool -1,394,491 BUNNY exchanged as 56,270 BNB on PSC V2 BUNNY/BNB pool
8.Returned all payments made using Flash Loan again
(on the latest PancakeSwap, hereby PCS)
Repaid 2,964,119 USDT on ForTube.
Repaid 66,463 WBNB on PCS DOT/BNB
Repaid 98,445 WBNB on PCS BELT/BNB
Repaid 241,528 WBNB on PCS SAFEMOON/BNB
Repaid 133,852 WBNB on PCS BTCB/BNB
Repaid 210,706 WBNB on PCS ETH/BNB
Repaid 523,886 WBNB on PCS BUSD/BNB
Repaid 1,054,429 WBNB on PCS CAKE/BNB
Remainder of 114,631 WBNB sent to the exploiter’s address (thereby incurring as malicious gains for the exploiter).