幣安智能鏈上的 PancakeBunny DeFi 協議遭遇毀滅性閃電貸攻擊，導致價格暴跌 95%

PancakeBunny 是一家收益耕作聚合商，已成為閃電貸​​攻擊的受害者，導致其代幣 (Bunny) 的價值暴跌超過 95%，從 146 美元左右跌至 6.17 美元。駭客操縱幣安 BNB 代幣相對於幣安 USD 穩定幣和 Bunny 代幣的價格，借入大量 BNB 來執行攻擊。目前還不清楚流失的總價值，但區塊鏈數據顯示攻擊者獲利近 300 萬美元。

Binance Smart Chain DeFi Protocol PancakeBunny Suffers Devastating Flash Loan Attack, Leading to 95% Price Collapse

幣安智能鏈 DeFi 協議 PancakeBunny 遭遇毀滅性閃電貸攻擊，導致價格暴跌 95%

On May 20, 2021, the yield-farming aggregator PancakeBunny fell victim to a sophisticated flash loan attack, causing the value of its native token, Bunny, to plummet by over 95%. The attack has sent shockwaves through the decentralized finance (DeFi) community, highlighting the vulnerabilities that continue to plague the burgeoning sector.

2021 年 5 月 20 日，收益挖礦聚合商 PancakeBunny 成為複雜的閃貸攻擊的受害者，導致其原生代幣 Bunny 的價值暴跌超過 95%。這次攻擊在去中心化金融（DeFi）社群引起了衝擊，凸顯了持續困擾這個新興產業的漏洞。

According to official tweets from PancakeBunny, the attacker meticulously orchestrated the exploit through PancakeSwap, the largest automated market maker on the Binance Smart Chain (BSC). The attacker initially borrowed a vast amount of Binance Coin (BNB), BSC's native token, using a flash loan mechanism. Flash loans allow users to borrow crypto assets without providing collateral, but the funds must be repaid within a single block confirmation.

根據 PancakeBunny 的官方推文，攻擊者透過 Binance 智慧鏈（BSC）上最大的自動化做市商 PancakeSwap 精心策劃了該漏洞。攻擊者最初使用閃貸機制借入了大量 BSC 的原生代幣幣安幣 (BNB)。閃電貸允許用戶在不提供抵押品的情況下借入加密資產，但資金必須在單一區塊確認內償還。

The attacker then manipulated the price of BNB against the Binance USD (BUSD) stablecoin and Bunny tokens. By artificially inflating the price of BNB, the attacker acquired a large quantity of Bunny tokens, which they swiftly dumped on the market. This massive sell-off sent the price of Bunny plummeting from approximately $146 to a mere $6.17, according to data from CoinGecko, representing a staggering 95% crash.

然後，攻擊者操縱 BNB 相對於幣安美元 (BUSD) 穩定幣和 Bunny 代幣的價格。攻擊者透過人為抬高BNB的價格，獲得了大量的Bunny代幣，並迅速將其拋售到市場上。根據 CoinGecko 的數據，這次大規模拋售導致 Bunny 的價格從約 146 美元暴跌至僅 6.17 美元，跌幅高達 95%。

The exact amount of funds drained by the attacker remains unclear, but blockchain data suggests that the perpetrator may have profited by close to $3 million. This attack is the latest in a string of exploits targeting DeFi protocols operating on the BSC. On May 16, bEarn.Fi, a cross-chain farming protocol, suffered an exploit that resulted in the loss of nearly $11 million.

攻擊者流失的確切資金數量尚不清楚，但區塊鏈數據表明，攻擊者可能獲利近 300 萬美元。此次攻擊是一系列針對 BSC 上運行的 DeFi 協定的攻擊中的最新一起。 5 月 16 日，跨鏈挖礦協議 bEarn.Fi 遭受攻擊，造成近 1,100 萬美元損失。

Despite the severity of the attack, neither Binance nor its CEO, Changpeng "CZ" Zhao, had commented on the incident at the time of writing. Binance did not immediately respond to requests for comment from CoinDesk.

儘管攻擊非常嚴重，但截至撰寫本文時，幣安及其執行長趙長鵬「CZ」均未對此事件發表評論。幣安沒有立即回應 CoinDesk 的置評請求。

This exploit underscores the ongoing security concerns surrounding the DeFi ecosystem. Flash loan attacks, in particular, have become a favored tactic for malicious actors due to their ability to manipulate asset prices and drain funds swiftly.

這個漏洞凸顯了圍繞 DeFi 生態系統持續存在的安全問題。尤其是閃電貸攻擊，由於其能夠操縱資產價格並迅速耗盡資金，已成為惡意行為者最喜歡的策略。

As DeFi protocols continue to attract substantial capital and users, it is imperative that developers prioritize robust security measures to mitigate the risk of further attacks. The PancakeBunny incident serves as a stark reminder of the need for constant vigilance and continuous improvement in the security infrastructure of DeFi platforms.

隨著 DeFi 協議繼續吸引大量資本和用戶，開發人員必須優先考慮強有力的安全措施，以降低進一步攻擊的風險。 PancakeBunny事件強烈提醒我們，需要時時警惕並不斷完善DeFi平台的安全基礎設施。

Additional Context and Commentary:

其他背景和評論：

The BSC has emerged as a popular blockchain for DeFi applications due to its low transaction fees and fast processing times. However, the recent spate of exploits targeting BSC-based protocols has raised questions about the security of the chain.

由於其交易費用低且處理時間快，BSC 已成為 DeFi 應用程式中流行的區塊鏈。然而，最近一系列針對基於 BSC 的協議的攻擊引發了人們對區塊鏈安全性的質疑。

Industry experts emphasize the importance of thorough code audits and rigorous testing to identify and address potential vulnerabilities in DeFi protocols. They also stress the need for users to exercise due diligence when interacting with DeFi platforms, carefully considering the associated risks and the reputation of the projects.

行業專家強調徹底的程式碼審核和嚴格的測試的重要性，以識別和解決 DeFi 協議中的潛在漏洞。他們也強調，使用者在與 DeFi 平台互動時需要進行盡職調查，仔細考慮相關風險和專案的聲譽。

The DeFi space is still in its nascent stages, and it is expected that further security incidents will occur. However, by continuously learning from past exploits and implementing robust security practices, the community can strive to minimize the impact of these attacks and enhance the overall resilience of the DeFi ecosystem.

DeFi 領域仍處於起步階段，預計還會發生更多安全事件。然而，透過不斷從過去的漏洞中學習並實施強大的安全實踐，社群可以努力最大限度地減少這些攻擊的影響，並增強 DeFi 生態系統的整體彈性。