Skip to main content
Sign in
Bunny Finance1 decision on this page

Audit log

Every state-changing event for Bunny Finance: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-05-21 18:45:39Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 421,258,808
    sig
    3j6yVSjiRR78…RTgWhyQ1explorer ↗
    hash
    EGPLPKrpTXFZ…5f7nLP3Csha256 → base58
    verifying row…full verify ↗
    canonical bytes (8214 B) ▸
    {"actor":"system:backfill","investigation_id":"dfc8260f-49f7-49ec-911f-236582a8d053","kind":"publish","page_slug":"bunny","published_at":"2026-05-21T18:45:39.247Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Bunny Finance","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.coindesk.com/markets/2021/05/20/flash-loan-attack-causes-defi-token-bunny-to-crash-over-95","type":"other","url":""},{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-pancakebunny-protocol-hack-may-2021","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/pancakebunny-tanks-96-following-200m-flash-loan-exploit","type":"other","url":""},{"credibility":3,"name":"https://decrypt.co/71585/pancakebunny-defi-exploit","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/pancakebunny-rekt","type":"other","url":""},{"credibility":3,"name":"https://medium.com/amber-group/bsc-flash-loan-attack-pancakebunny-3361b6d814fd","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://rekt.news/pancakebunny2-rekt","type":"other","url":""},{"credibility":3,"name":"https://cryptoslate.com/bsc-defi-app-pancakebunny-releases-post-mortem-of-2-4-million-exploit/","type":"other","url":""},{"credibility":3,"name":"https://beincrypto.com/polybunny-finance-releases-2-4m-defi-attack-post-mortem-report/","type":"other","url":""},{"credibility":3,"name":"https://pancakebunny.medium.com/polybunny-post-mortem-compensation-42b5c35ce957","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-qubit-hack-january-2022","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/qubit-finance-suffers-80-million-loss-following-hack","type":"other","url":""},{"credibility":3,"name":"https://www.coindesk.com/markets/2022/01/28/defi-protocol-qubit-finance-exploited-for-80m","type":"other","url":""},{"credibility":3,"name":"https://bloomberg.com/news/articles/2022-01-28/hackers-seize-80-million-from-qubit-in-lastest-defi-attack","type":"other","url":""},{"credibility":3,"name":"https://therecord.media/qubit-finance-platform-hacked-for-80-million-worth-of-cryptocurrency","type":"other","url":""},{"credibility":3,"name":"https://www.chainalysis.com/blog/qubit-hack-north-korea/","type":"other","url":""},{"credibility":3,"name":"https://beincrypto.com/qubit-finance-hacked-for-80-million-in-latest-defi-exploit/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://pancakebunny-finance.readthedocs.io/en/main/audits.html","type":"other","url":""},{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-pancakebunny-protocol-hack-may-2021","type":"other","url":""},{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-qubit-hack-january-2022","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/pancakebunny2-rekt","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://pancakebunny.medium.com/pancake-bunny-x-binance-labs-introducing-your-team-mound-288c21209375","type":"other","url":""},{"credibility":3,"name":"https://techcrunch.com/2021/04/12/binance-labs-leads-1-6m-seed-round-in-defi-startup-mound-the-developer-of-pancake-bunny/","type":"other","url":""},{"credibility":3,"name":"https://beincrypto.com/binance-labs-leads-1-6m-investment-for-mound-defi-startup/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://pancakebunny.medium.com/pancakebunny-recovery-plan-63324473ceb4","type":"other","url":""},{"credibility":3,"name":"https://www.bitcoininsider.org/article/117201/pancakebunny-releases-recovery-plan-post-flash-loan-attack","type":"other","url":""},{"credibility":3,"name":"https://pancakebunny.medium.com/polybunny-pbunny-mnd-compensation-cee3d5883ae6","type":"other","url":""},{"credibility":3,"name":"https://coinmarketcap.com/currencies/pancakebunny/","type":"other","url":""},{"credibility":3,"name":"https://coinmarketcap.com/alexandria/article/the-tragicomedy-of-pancakebunny","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://coinmarketcap.com/currencies/pancakebunny/","type":"other","url":""},{"credibility":3,"name":"https://defillama.com/protocol/bunny","type":"other","url":""},{"credibility":3,"name":"https://www.coingecko.com/en/coins/pancake-bunny","type":"other","url":""},{"credibility":3,"name":"https://cryptopotato.com/pancake-bunny-exploit-44-million-stolen-as-bunny-token-crashed-99-in-seconds/","type":"other","url":""}]}],"sources_used":[],"summary":"PancakeBunny (Bunny Finance) was a Binance Smart Chain yield-optimizer developed by the anonymous team MOUND (Mound Inc.), which received a $1.6 million seed round led by Binance Labs in April 2021. The protocol suffered three separate exploits across 2021–2022 totaling over $127 million in losses, including a $45 million flash loan attack in May 2021, a $2.4 million polyBUNNY exploit on Polygon in July 2021, and an $80 million hack of its affiliated lending protocol Qubit Finance in January 2022. The BUNNY token has lost more than 99% of its all-time high value, the protocol transitioned to a DAO structure in early 2022, and no stolen funds from any exploit were publicly confirmed as recovered.","timeline":[{"date":"2021-04-12","event":"Binance Labs leads $1.6 million seed round in Mound Inc., developer of PancakeBunny. IDEO CoLab, SparkLabs also participate. Team exits stealth mode but remains anonymous.","source":""},{"date":"2021-04-21","event":"BUNNY token reaches all-time high of approximately $576.25.","source":""},{"date":"2021-05-19","event":"Flash loan attack on PancakeBunny BSC protocol. Attacker borrows ~2.3 million BNB via eight flash loans, manipulates internal price oracle, mints ~697,000 BUNNY tokens, and nets approximately 114,631 WBNB ($45 million). BUNNY price collapses from ~$146 to ~$6.","source":""},{"date":"2021-05-21","event":"PancakeBunny publishes post-mortem characterizing the incident as an 'economic exploit' rather than a smart contract breach. Team announces recovery plan.","source":""},{"date":"2021-06-01","event":"PancakeBunny launches formal recovery plan including pBUNNY compensation token, Compensation Pool funded by performance fees, and MND (Mound) token at 1.5x BUNNY swap ratio.","source":""},{"date":"2021-07-16","event":"polyBUNNY exploit on Polygon network. Attacker uses nearly identical flash loan minting technique, minting 2.1 million polyBUNNY tokens worth approximately $2.4 million. polyBUNNY price falls from ~$10 to ~$1.78.","source":""},{"date":"2021-07-21","event":"Team announces it will slow pace of releases, implement testnet deployments, bounty programs, and multi-layer code reviews before future mainnet launches. $2.4 million MND compensation plan announced for polyBUNNY holders.","source":""},{"date":"2022-01-27","event":"Qubit Finance (QBridge) hacked for approximately $80 million. Attacker exploits legacy deposit function in the cross-chain bridge contract to mint qXETH without depositing real ETH, draining 206,809 BNB. Funds routed through Tornado Cash. Chainalysis assesses attack as likely North Korea-linked.","source":""},{"date":"2022-01-31","event":"Qubit Finance offers attacker escalating bug bounties up to $2 million in exchange for returning the $80 million. No response or fund return reported.","source":""},{"date":"2022-02-01","event":"PancakeBunny transitions to DAO structure as active development winds down.","source":""},{"date":"2022-02-01","event":"PancakeBunny publishes 2022 roadmap, but subsequent development activity is minimal.","source":""},{"date":"2024-01-01","event":"BUNNY token trading near $0.06 with market cap below $35,000 — over 99.9% below all-time high. Protocol TVL near zero. No confirmed recovery of funds from any of the three exploits.","source":""}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 243c2a10-06a5-4e6b-aab8-1961c0f84d0e
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.