The PancakeBunny Exploiter Has Re-emerged, Transferring $2.9M in Stolen Funds Through Tornado Cash

The infamous PancakeBunny exploiter has re-emerged, transferring substantial quantities of money through Tornado Cash, in a surprising development.

The PancakeBunny exploiter, who has been largely inactive for the past years, has now moved 1,029 ETH (roughly $2.9 million) via Tornado Cash, a cryptocurrency blending platform. The transaction, which occurred on Sunday evening, saw the funds being moved from the wallet address 0xd0f225...756b, as highlighted by the security firm CertiK Alerts.

This particular transaction is being closely monitored due to the exploiter's past involvement in a large-scale exploit on PancakeBunny in May 2021. The incident, which involved a flash loan attack, resulted in user losses of around $45 million. The perpetrator manipulated the price of BUNNY tokens using a substantial amount of assets from PancakeSwap, before selling the tokens at a price of nearly zero, ultimately leading to massive losses.

While a significant portion of the stolen funds have been moved, the exploiter still holds about $11.4 million in DAI at the wallet address 0x820C. These activities highlight the ongoing challenges faced by security professionals and regulators in locating and recovering lost cryptocurrency.

In this case, Tornado Cash plays a dual role. While it offers privacy protection for legitimate users, it is also a preferred platform for cybercriminals to conceal stolen funds. The PancakeBunny exploit serves as a stark reminder of the complexities involved in striking a delicate balance between privacy and security in the crypto space.