Part of the stolen funds connected to PancakeBunny, a decentralized finance protocol on the Binance Smart Chain, was funneled through the privacy protocol Tornado Cash after three years of dormancy.

PancakeBunny suffered a flash loan attack in May 2021 and lost roughly 697,000 BUNNY and 114,000 BNB (BNB), which tanked the value of its BUNNY token by 95%.

Price drop in BUNNY/BNB trading pair following the initial attack: Poocoin.app

Aftermath of PancakeBunny hack

PancakeBunny, the decentralized finance (DeFi) yield farming aggregator, was unable to recover the stolen funds and eventually dissolved the protocol, transforming it into a decentralized autonomous organization (DAO).

Three years later, on July 7, a wallet address linked to the PancakeBunny hacker transferred 1,002 Ether (ETH) of stolen funds to Tornado Cash to deter traceability.

Source: CertiK

Stolen funds on the move after many years

Based on current market prices, the hacker siphoned roughly $3 million in Ether. According to CertiK, the PancakeBunny exploiter currently holds $11.4 million of DAI (DAI).

Tracking Bunny Finance’s lost funds’ movement. Source: CertiK

Crypto security experts emphasize heavily the importance of preventive measures when it comes to protecting protocol hacks. In this effort, CertiK migrated its its suite of 12 blockchain applications in Asia to a cloud computing subsidiary of Chinese e-commerce giant Alibaba.

CertiK’s existing suite of product offerings. Source: CertiK

Ronghui Gu, co-founder of CertiK said:

“For over five years, we have believed in the transformative power of blockchain technology. We look forward to empowering developers with secure blockchain development and deployment through Alibaba Cloud’s platform.”

The move allows developers expecting high resource demands during peak hours to use Alibaba Cloud’s additional computing, storage and distribution resources.

A CertiK investigation that backfired Blockchain security firm CertiK recently identified itself as the “security researcher” that cryptocurrency exchange Kraken claimed stole $3 million worth of digital assets.

Kraken chief security officer Nicholas Percoco claimed that an unnamed security team — not revealed to be CertiK at the time — had committed “extortion” by refusing to return any funds until the exchange agreed to provide “a speculated $ amount that this bug could have caused if they had not disclosed it.”