PancakeBunny：DeFi 世界创新与脆弱性的警示故事

在动荡的去中心化金融 (DeFi) 世界中，PancakeBunny 的传奇故事清楚地提醒我们创新和脆弱性。

DeFi protocol PancakeBunny was once a shining star in the Binance Smart Chain firmament, offering users a convenient way to maximize their yields. But like Icarus flying too close to the sun, PancakeBunny's hubris led to a spectacular downfall.

DeFi 协议 PancakeBunny 曾经是币安智能链天空中一颗闪亮的明星，为用户提供了最大化收益的便捷方式。但就像伊卡洛斯飞得离太阳太近一样，PancakeBunny 的傲慢也导致了巨大的失败。

In May 2021, a flash loan attack struck the protocol with devastating force. The attackers made off with a massive loot of around 697,000 BUNNY and 114,000 BNB, dealing a crushing blow to the value of BUNNY tokens, which plummeted by an astonishing 95%.

2021 年 5 月，闪电贷攻击对该协议造成了毁灭性的打击。攻击者抢走了约 697,000 个 BUNNY 和 114,000 个 BNB 的大量赃物，对 BUNNY 代币的价值造成了毁灭性打击，暴跌了惊人的 95%。

Despite valiant efforts to salvage the situation, PancakeBunny ultimately disbanded, transforming into a decentralized autonomous organization (DAO). But the story was far from over.

尽管做出了勇敢的努力来挽救局势，PancakeBunny 最终解散，转变为一个去中心化的自治组织（DAO）。但故事还远未结束。

Three years later, on July 7, 2024, a startling development occurred: funds linked to the original hack were finally on the move again.

三年后，即 2024 年 7 月 7 日，发生了令人震惊的事态发展：与原始黑客攻击相关的资金终于再次流动。

A wallet address associated with the attack moved 1,002 Ether (ETH) — valued at over $3 million — through the privacy protocol Tornado Cash, in an attempt to conceal the origins of the transaction.

与此次攻击相关的一个钱包地址通过隐私协议 Tornado Cash 转移了 1,002 以太币 (ETH)，价值超过 300 万美元，试图隐藏交易的来源。

"On Sunday the @PancakeBunnyFin exploiter deposited 1002 ETH (~$2.9m) into @TornadoCash via 0xd0f2259e0bd71e849143bbc07f4e427bb6f7756b

“周日，@PancakeBunnyFin 漏洞利用者通过 0xd0f2259e0bd71e849143bbc07f4e427bb6f7756b 将 1002 ETH（约合 290 万美元）存入@TornadoCash

Bunny Finance was exploited for ~$45m in May 2021

Bunny Finance 于 2021 年 5 月被利用约 4500 万美元

The exploiter still holds $11.4m DAI in 0x820C👇"

漏洞利用者在 0x820C 中仍持有 1140 万美元的 DAI 👇”

CertiK, a blockchain security firm that's played a pivotal role in investigating and preventing such incidents, reported that the hacker still holds a substantial $11.4 million in DAI.

区块链安全公司 CertiK 在调查和防止此类事件中发挥了关键作用，该公司报告称，黑客仍持有价值 1140 万美元的 DAI。

This incident serves as a stark reminder of the profound impact that DeFi hacks can have on protocols and investors alike. But even as the threat of hacks looms large, there are positive developments underway to bolster DeFi's security defenses.

这一事件清楚地提醒我们，DeFi 黑客可能对协议和投资者产生深远的影响。但尽管黑客威胁日益凸显，但加强 DeFi 安全防御的积极进展仍在继续。

CertiK, for instance, has recently taken a major step to enhance its capabilities in securing and managing blockchain deployments. By migrating their suite of blockchain applications to Alibaba Cloud, CertiK is strengthening its ability to safeguard DeFi protocols from malicious actors.

例如，CertiK 最近采取了重大举措来增强其保护和管理区块链部署的能力。通过将区块链应用程序套件迁移到阿里云，CertiK 正在增强其保护 DeFi 协议免受恶意行为者侵害的能力。

Highlighting the critical importance of proactive security measures, Nicholas Percoco, Chief Security Officer at Kraken, recently shared an experience where a security researcher—later identified as CertiK—was initially accused of extortion after discovering vulnerabilities in Kraken's systems.

Kraken 首席安全官 Nicholas Percoco 最近分享了一次经历，强调了主动安全措施的至关重要性，一名安全研究人员（后来被称为 CertiK）在发现 Kraken 系统中的漏洞后最初被指控勒索。

As DeFi continues to evolve, it brings forth new challenges and complexities in the realm of security. But with each lesson learned, from PancakeBunny's rise and fall to the latest developments in blockchain security, we move closer to forging resilient decentralized financial ecosystems.

随着 DeFi 的不断发展，它给安全领域带来了新的挑战和复杂性。但随着每一次的教训，从 PancakeBunny 的兴衰到区块链安全的最新发展，我们离打造有弹性的去中心化金融生态系统又近了一步。

In other DeFi news, a user has reportedly lost a staggering $240,000 worth of NFTs in a hack on the Blur marketplace.

在其他 DeFi 新闻中，据报道，一名用户在 Blur 市场遭受黑客攻击时损失了价值 24 万美元的 NFT。