WEB3-CREAM-FINANCE-2021

On 20 May 2021 PancakeBunny, a yield aggregator on BNB Chain, was drained of roughly $45 million (about 114,000 WBNB plus around 3.8M USDT) in a flash-loan mint-manipulation attack that crashed the BUNNY token by over 95%. The protocol's reward minting valued assets through a price calculator that read the spot reserves (getReserves) of the BUNNY/WBNB and USDT/WBNB PancakeSwap pairs, and computed LP amounts with raw balanceOf() that could be inflated by direct transfers. The attacker took recursive flash loans of millions of WBNB, swapped WBNB for USDT to cheapen WBNB and skew both pools, then triggered the deposit/reward path so the manipulated price fed the BUNNY mint formula (amplified by a multiplier) and minted roughly 6.9 million BUNNY from nothing, which they immediately dumped into the inflated pool for WBNB and USDT. The root cause was computing mint amounts from manipulable on-chain spot reserves and unguarded balanceOf() rather than an external price.

On 14 November 2020 Value DeFi's MultiStables vault was exploited for a net loss of roughly $6 million on Ethereum (the attacker later returned some funds) in a flash-loan price-manipulation attack, despite the vault marketing itself as flash-loan resistant. The vault valued stablecoin shares by converting assets to USDC and pricing them against Curve's 3pool spot rates, with no protection against intra-block manipulation, and deposits were not gated against contracts. The attacker flash-borrowed 80,000 ETH from Aave plus a large DAI flash swap from Uniswap, deposited DAI to mint vault shares, then swapped tens of millions of DAI and USDT into USDC to drain USDC from the 3pool so the remaining conversion returned inflated 3CRV amounts, making the vault's share price read about 1.32x its true value. They then withdrew their shares for far more 3CRV than deposited and repaid the loans for profit. The root cause was share pricing off a single Curve pool's manipulable spot rate inside one transaction.

A frontend hijack leaves the on-chain contracts untouched but replaces the Web2 surface serving the dApp UI with a wallet-drainer clone, so no Solidity audit can catch it. The recurring pattern: attackers take over the domain registrar or DNS provider account (or a CDN/tag-manager account), repoint the domain to a cloned site, and prompt visitors to sign malicious token approvals, EIP-2612 permit signatures, or transfers. Curve Finance was hit twice: on August 9-10, 2022 its curve.fi domain was DNS-hijacked via a compromised nameserver and drained ~$570K in USDC/DAI; and again around May 12, 2025 at the registrar level, after which Curve permanently migrated to curve.finance and announced an ENS move (Convex Finance and Resupply, which depend on Curve's data feeds, suffered dependency-driven outages but were not themselves compromised). In July 2024 a mass wave hit DeFi domains registered through Squarespace, whose forced migration off Google Domains stripped 2FA: Compound's frontend redirected to an Inferno Drainer clone and 100+ protocols were exposed (Celer blocked its takeover via domain monitoring). Ambient Finance's domain was hijacked through stolen registrar credentials on October 17, 2024. Most recently, on April 14, 2026 attackers used forged identity documents to social-engineer the registrar into handing over DNS control of CoW Swap's swap.cow.fi and cow.fi domains, redirecting users to a pixel-perfect drainer clone for about 90 minutes; over $1M was taken in roughly three hours, including 219 ETH (~$750K) from a single wallet, while CoW's contracts, backend APIs, and solver network were untouched. The same bucket includes CDN-account injections (KyberSwap's September 2022 Cloudflare/Google Tag Manager compromise, ~$265K) and BGP route hijacks that swap signed bundles for drainer code.

On September 2, 2025 Bunni, a liquidity manager built on Uniswap v4, was drained of roughly $8.4 million across Ethereum and Unichain (USDC, USDT, and weETH/ETH) through a rounding error in its withdrawal accounting amplified by flash loans. Bunni's Liquidity Distribution Function (LDF) tracks an 'idle balance' that is rebalanced on every swap, and the withdraw path rounded that balance in the wrong direction under specific conditions. The attacker flash-borrowed millions in USDT and executed a precisely sized sequence of swaps that pushed the pool's spot price back and forth across tick boundaries, triggering the faulty rounding repeatedly; each cycle let them withdraw more tokens than they burned in liquidity (in the USDC/USDT pool the idle balance fell 85.7% while liquidity fell only 84.4%, and that gap was the leak). The bug was application-specific accounting math, not an oracle or price-feed flaw. Unable to fund a secure relaunch, the Bunni team announced on October 23, 2025 that it was permanently shutting down, leaving withdrawals open and relicensing v2 from BUSL to MIT.

On May 22, 2025 Cetus Protocol, the leading DEX on Sui, was drained of approximately $223M. The root cause was a flawed overflow check: the checked_shlw function in the integer-mate math library built its guard mask as 0xFFFFFFFFFFFFFFFF << 192 instead of 0x1 << 192, so values above 2^192 slipped past the check and the subsequent 64-bit left shift silently overflowed (left shifts do not abort in Move). The flaw lived in get_delta_a, which computes the tokens needed for a liquidity position; under the overflow the numerator wrapped to a tiny value, so the function demanded as little as 1 token unit for an enormous liquidity amount. Using flash swaps (borrowing ~10M haSUI), the attacker opened a tight-range position (ticks [300000, 300200]) and minted a massive amount of liquidity for a negligible deposit, then withdrew real pool reserves. Around $162M was frozen on-chain by Sui validators and eventually returned, while roughly $62M was bridged out to Ethereum. Cetus relaunched after recovering and replenishing affected pool liquidity.

On April 14, 2025 the perpetuals DEX KiloEx lost about $7.5 million across BNB Chain, Base, opBNB, and Taiko to what was reported as oracle price manipulation but was really an access-control failure. KiloEx's price feed (KiloPriceFeed.setPrices) was meant to be reachable only through a keeper-gated call chain, but the top-level MinimalForwarder.execute function was publicly callable and validated an attacker-supplied signature against attacker-supplied data, letting anyone forge a trusted call that reached setPrices and write an arbitrary price. The attacker set a market price far below true value, opened a leveraged position, then set the price far above value and closed it in the same flow, extracting fabricated profit from the vault; the sequence was repeated across all four chains, with a single transaction netting $3.12M. Reporting that framed it as flash-loan oracle manipulation was imprecise: no market liquidity was moved, the price was simply written directly through the unprotected forwarder. After KiloEx offered a 10% (~$750K) whitehat bounty and no legal action, the attacker returned essentially all of the funds by April 18, 2025.