币安智能链上的 PancakeBunny DeFi 协议遭遇毁灭性闪电贷攻击，导致价格暴跌 95%

PancakeBunny 是一家收益耕作聚合商，已成为闪电贷攻击的受害者，导致其代币 (Bunny) 的价值暴跌超过 95%，从 146 美元左右跌至 6.17 美元。黑客操纵币安 BNB 代币相对于币安 USD 稳定币和 Bunny 代币的价格，借入大量 BNB 来执行攻击。目前还不清楚流失的总价值，但区块链数据显示攻击者获利近 300 万美元。

Binance Smart Chain DeFi Protocol PancakeBunny Suffers Devastating Flash Loan Attack, Leading to 95% Price Collapse

币安智能链 DeFi 协议 PancakeBunny 遭遇毁灭性闪电贷攻击，导致价格暴跌 95%

On May 20, 2021, the yield-farming aggregator PancakeBunny fell victim to a sophisticated flash loan attack, causing the value of its native token, Bunny, to plummet by over 95%. The attack has sent shockwaves through the decentralized finance (DeFi) community, highlighting the vulnerabilities that continue to plague the burgeoning sector.

2021 年 5 月 20 日，收益挖矿聚合商 PancakeBunny 成为复杂的闪贷攻击的受害者，导致其原生代币 Bunny 的价值暴跌超过 95%。这次攻击在去中心化金融（DeFi）社区引起了冲击，凸显了继续困扰这个新兴行业的漏洞。

According to official tweets from PancakeBunny, the attacker meticulously orchestrated the exploit through PancakeSwap, the largest automated market maker on the Binance Smart Chain (BSC). The attacker initially borrowed a vast amount of Binance Coin (BNB), BSC's native token, using a flash loan mechanism. Flash loans allow users to borrow crypto assets without providing collateral, but the funds must be repaid within a single block confirmation.

根据 PancakeBunny 的官方推文，攻击者通过 Binance 智能链（BSC）上最大的自动化做市商 PancakeSwap 精心策划了该漏洞。攻击者最初使用闪贷机制借入了大量 BSC 的原生代币币安币 (BNB)。闪电贷允许用户在不提供抵押品的情况下借入加密资产，但资金必须在单个区块确认内偿还。

The attacker then manipulated the price of BNB against the Binance USD (BUSD) stablecoin and Bunny tokens. By artificially inflating the price of BNB, the attacker acquired a large quantity of Bunny tokens, which they swiftly dumped on the market. This massive sell-off sent the price of Bunny plummeting from approximately $146 to a mere $6.17, according to data from CoinGecko, representing a staggering 95% crash.

然后，攻击者操纵 BNB 相对于币安美元 (BUSD) 稳定币和 Bunny 代币的价格。攻击者通过人为抬高BNB的价格，获得了大量的Bunny代币，并迅速将其抛售到市场上。根据 CoinGecko 的数据，这次大规模抛售导致 Bunny 的价格从约 146 美元暴跌至仅 6.17 美元，跌幅高达 95%。

The exact amount of funds drained by the attacker remains unclear, but blockchain data suggests that the perpetrator may have profited by close to $3 million. This attack is the latest in a string of exploits targeting DeFi protocols operating on the BSC. On May 16, bEarn.Fi, a cross-chain farming protocol, suffered an exploit that resulted in the loss of nearly $11 million.

攻击者流失的确切资金数额尚不清楚，但区块链数据表明，攻击者可能获利近 300 万美元。此次攻击是一系列针对 BSC 上运行的 DeFi 协议的攻击中的最新一起。 5 月 16 日，跨链挖矿协议 bEarn.Fi 遭受攻击，造成近 1100 万美元损失。

Despite the severity of the attack, neither Binance nor its CEO, Changpeng "CZ" Zhao, had commented on the incident at the time of writing. Binance did not immediately respond to requests for comment from CoinDesk.

尽管攻击非常严重，但截至撰写本文时，币安及其首席执行官赵长鹏“CZ”均未对此事件发表评论。币安没有立即回应 CoinDesk 的置评请求。

This exploit underscores the ongoing security concerns surrounding the DeFi ecosystem. Flash loan attacks, in particular, have become a favored tactic for malicious actors due to their ability to manipulate asset prices and drain funds swiftly.

这一漏洞凸显了围绕 DeFi 生态系统持续存在的安全问题。尤其是闪电贷攻击，由于其能够操纵资产价格并迅速耗尽资金，已成为恶意行为者最喜欢的策略。

As DeFi protocols continue to attract substantial capital and users, it is imperative that developers prioritize robust security measures to mitigate the risk of further attacks. The PancakeBunny incident serves as a stark reminder of the need for constant vigilance and continuous improvement in the security infrastructure of DeFi platforms.

随着 DeFi 协议继续吸引大量资本和用户，开发人员必须优先考虑强有力的安全措施，以降低进一步攻击的风险。 PancakeBunny事件强烈提醒我们，需要时刻警惕并不断完善DeFi平台的安全基础设施。

Additional Context and Commentary:

其他背景和评论：

The BSC has emerged as a popular blockchain for DeFi applications due to its low transaction fees and fast processing times. However, the recent spate of exploits targeting BSC-based protocols has raised questions about the security of the chain.

由于其交易费用低和处理时间快，BSC 已成为 DeFi 应用程序中流行的区块链。然而，最近一系列针对基于 BSC 的协议的攻击引发了人们对区块链安全性的质疑。

Industry experts emphasize the importance of thorough code audits and rigorous testing to identify and address potential vulnerabilities in DeFi protocols. They also stress the need for users to exercise due diligence when interacting with DeFi platforms, carefully considering the associated risks and the reputation of the projects.

行业专家强调彻底的代码审核和严格的测试的重要性，以识别和解决 DeFi 协议中的潜在漏洞。他们还强调，用户在与 DeFi 平台互动时需要进行尽职调查，仔细考虑相关风险和项目的声誉。

The DeFi space is still in its nascent stages, and it is expected that further security incidents will occur. However, by continuously learning from past exploits and implementing robust security practices, the community can strive to minimize the impact of these attacks and enhance the overall resilience of the DeFi ecosystem.

DeFi 领域仍处于起步阶段，预计还会发生更多安全事件。然而，通过不断从过去的漏洞中学习并实施强大的安全实践，社区可以努力最大限度地减少这些攻击的影响，并增强 DeFi 生态系统的整体弹性。