Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Reproducible Foundry test fork from SunWeb3Sec/DeFiHackLabs. Clone the repo, run forge test against the file path above, and replay the exploit against a mainnet fork at the historical block. Use for reproduction only — not for live targets.
Elephant Money was attacked, resulting in the loss of 27,416.46 BNB. The attacker first used WBNB to buy a large amount of ELEPHANT, and then used BUSD to mint the TRUNK stablecoin. During the minting process, the Elephant contract will convert BUSD to WBNB and then back to ELEPHANT to drive up the ELEPHANT price. The attacker then sells ELEPHANT at a profit. Attack method (per SlowMist): Flash loan attack. Reported loss: 27,416.46 BNB.
- chain
- —
- protocol
- Elephant Money
- bug_class
- flashloan
- date_occurred
- 2022-04-13
- loss_usd
- —
- source_id
- sm:elephant-money::2022-04-13