Elephant Money, a decentralized "yield farming" protocol on BNB Chain with native token ELEPHANT and stablecoin TRUNK, has suffered from an attack on its reserve.
"Traditional price manipulation attack" results in $11.2 million lost
According to a statement by cybersecurity team BlockSec, Elephant Money DeFi protocol has fallen victim to a price manipulation attack that started with borrowed Wrapped Binance Coins (WBNB).
1/ the attack to the @ElephantStatus is a traditional price manipulation attack. We will use the following transaction(https://t.co/eY3HaWPWXE) to illustrate the process.@defiprime @bbbb @Mudit__Gupta @bantg— BlockSec (@BlockSecTeam) April 12, 2022
In a number of operations, the attacker minted TRUNK stablecoin and redeemed it to get more WBNB and BUSD. It resulted in the spike of the ELEPHANT price and a $4 million profit for attackers per cycle.
Hackers performed this attack a number of times; per Elephant Money's estimations, in total, $11.2 million in equivalent has been lost permanently.
Another top-tier DeFi security team, PeckShield, called this sort of attack "forced investment."
Elephant Money team is already working on an emergency patch and new mechanisms that would prevent similar attacks from happening again.
"Funds are safe, don't answer, don't sell"
Immediately after the attack, the price of ELEPHANT, which is the reward token for Elephant Money's liquidity provides, dropped by almost 88% in no time.
Despite a slight retracement, by press time, the token changes hands at $0.000000088508, or down 77.1% from yesterday's levels.
At the same time, representatives of Elephant Money officially stated that no users' funds are at risk right now. The only warning they issued is to restrain from panic selling.
As covered by U.Today previousy, in recent weeks, the DeFi segment has gone through a series of hacker attacks. After the record-breaking hack of Axie Infinity's Ronin Network, the Sky Mavis team launched s $1 million bounty campaign.