By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

Decentralized Yield Farming Protocol Elephant Money Exploited for Over $11 Million

Quick take:

  • Elephant Money, a yield farming protocol on the BNB chain, suffered a price manipulation attack.
  • The exploit seems to have caused an overall loss of $11 million.

Elephant money has suffered a massive attack on its reserve. The manipulative price attack seems to have made an overall loss of over $11 million.

A cybersecurity team called BlockSec identified the attack and wrote a tweet about how the attack was carried out.

Traditional price manipulation attack

In a medium article, the Elephant Money team wrote that the attack was a coordinated exploit by several bad actors. The attacker borrowed 131,162 BNB and 91,035,000 using the flash loan to carry out the exploit. The attacker then swapped 131,162 BNB to 34,244 Elephant tokens. The attacker then mints the TRUNK token by providing BUSD. 

In particular, the vulnerable contract will first swap BUSD to WBNB and then use ELEPHANT to buy ELEPHANT. During this process, the price of ELEPHANT will rise. The attacker then gets the TRUNK token.

The attacker then used the elephant token to obtain more WBNB. The attacker then redeemed the TRUNK token to get WBNB and BUSD. As per the severity of the attack, the attacker can earn around $4 million in one attack. Read this thread to get a detailed idea of the entire attack.

Security team Peckshield referred to this kind of attack as a forced investment. The attackers repeated the process to loot over $11.2 million or 27,416 BNB. The Elephant team has currently paused minting and redeeming TRUNK.

The team is working on security patches to prevent further attacks from happening.

The information provided on DecentReviews does not constitute investment advice, financial advice, trading advice, or any other sort of advice. Do not treat any of the websites content as such. DecentReviews does not recommend that any cryptocurrency or blockchain asset should be bought, sold, or held by you. Conduct your own due diligence and consult your financial advisor before making any investment decisions.

Get free Web3 analysis and news in your inbox

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Platforms/tools Mentioned:

There are no products mentioned.
This page may contain affiliate links. Learn more