Summary
PancakeBunny (Bunny Finance) was a Binance Smart Chain yield-optimizer developed by the anonymous team MOUND (Mound Inc.), which received a $1.6 million seed round led by Binance Labs in April 2021. The protocol suffered three separate exploits across 2021–2022 totaling over $127 million in losses, including a $45 million flash loan attack in May 2021, a $2.4 million polyBUNNY exploit on Polygon in July 2021, and an $80 million hack of its affiliated lending protocol Qubit Finance in January 2022. The BUNNY token has lost more than 99% of its all-time high value, the protocol transitioned to a DAO structure in early 2022, and no stolen funds from any exploit were publicly confirmed as recovered.
Connected Entities
2 entities- + 3 more
Timeline(12 events)
2021-04-12
Binance Labs leads $1.6 million seed round in Mound Inc., developer of PancakeBunny. IDEO CoLab, SparkLabs also participate. Team exits stealth mode but remains anonymous.
2021-04-21
BUNNY token reaches all-time high of approximately $576.25.
2021-05-19
Flash loan attack on PancakeBunny BSC protocol. Attacker borrows ~2.3 million BNB via eight flash loans, manipulates internal price oracle, mints ~697,000 BUNNY tokens, and nets approximately 114,631 WBNB ($45 million). BUNNY price collapses from ~$146 to ~$6.
2021-05-21
PancakeBunny publishes post-mortem characterizing the incident as an 'economic exploit' rather than a smart contract breach. Team announces recovery plan.
2021-06-01
PancakeBunny launches formal recovery plan including pBUNNY compensation token, Compensation Pool funded by performance fees, and MND (Mound) token at 1.5x BUNNY swap ratio.
2021-07-16
polyBUNNY exploit on Polygon network. Attacker uses nearly identical flash loan minting technique, minting 2.1 million polyBUNNY tokens worth approximately $2.4 million. polyBUNNY price falls from ~$10 to ~$1.78.
2021-07-21
Team announces it will slow pace of releases, implement testnet deployments, bounty programs, and multi-layer code reviews before future mainnet launches. $2.4 million MND compensation plan announced for polyBUNNY holders.
2022-01-27
Qubit Finance (QBridge) hacked for approximately $80 million. Attacker exploits legacy deposit function in the cross-chain bridge contract to mint qXETH without depositing real ETH, draining 206,809 BNB. Funds routed through Tornado Cash. Chainalysis assesses attack as likely North Korea-linked.
2022-01-31
Qubit Finance offers attacker escalating bug bounties up to $2 million in exchange for returning the $80 million. No response or fund return reported.
2022-02-01
PancakeBunny transitions to DAO structure as active development winds down.
2022-02-01
PancakeBunny publishes 2022 roadmap, but subsequent development activity is minimal.
2024-01-01
BUNNY token trading near $0.06 with market cap below $35,000 — over 99.9% below all-time high. Protocol TVL near zero. No confirmed recovery of funds from any of the three exploits.
Decision Log
- hash: EGPLPKrpTXFZyEdnFCPqSVSvHw7PZD7i2tVo5f7nLP3C
This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.
model: claude-sonnet-4-6
generated: 5/4/2026, 2:54:57 AM
last updated: 5/21/2026, 6:45:39 PM
avoid.net — verified advice for a post-truth world