Paraluni Masterchef
Summary
Paraluni is a metaverse DeFi yield-farming protocol deployed on Binance Smart Chain (BSC). On March 13, 2022, its MasterChef smart contract was exploited via a reentrancy vulnerability in the depositByAddLiquidity function, resulting in approximately $1.7 million in losses. The attacker laundered the proceeds through Tornado Cash and never returned funds despite a public appeal from the Paraluni team.
Connected Entities
1 entities · 10 linked investigationsTimeline(4 events)
2022-03-13
Paraluni MasterChef contract exploited via reentrancy attack. Approximately $1.7 million stolen using PancakeSwap flash loans and malicious ERC-20 tokens (UBT/UGT). Attack transaction: 0x70f367b9420ac2654a5223cc311c7f9c361736a39fd4e7dff9ed1b85bab7ad54.
CertiK, SlowMist, Halborn2022-03-13
PeckShield publicly identifies the exploit and attacker address (0x94bc1d555e63eea23fe7fdbf937ef3f9ac5fcf8f) via Twitter alert.
PeckShield Twitter2022-03-13
Attacker converts stolen USDT/BUSD to BNB, cross-chains approximately 235 ETH to Ethereum via cBridge, then deposits 660 ETH into Tornado Cash across 12 transactions.
SlowMist Incident Analysis2022-03-14
Paraluni team publicly offers to treat the exploit as a white-hat disclosure and proposes a reward in exchange for return of funds. Attacker does not respond.
Halborn / CoinCodeCapDecision Log
- hash: DBnnCHsB6LAX3E9MEPuLzDw7TDKChS5ofwDDAVjqWw9y
This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.
model: claude-sonnet-4-6
generated: 5/4/2026, 2:54:50 AM
last updated: 5/28/2026, 3:51:51 PM
avoid.net — verified advice for a post-truth world