Cyber Incident Victim: Elephant Money

Date: Apr 2022

Location: United States of America

Summary

Hackers exploited the Elephant Money DeFi platform through a price manipulation attack, stealing over $11 million worth of Binance Coin. The attackers utilized flash loans to borrow wrapped Binance Coin, traded it for ELEPHANT tokens, and artificially inflated their value to mint TRUNK stablecoins—repeating this process to extract profits. This caused the ELEPHANT token's price to plummet by over 76%. The platform collaborated with security partners to address the vulnerability, deploying treasury reserves to mitigate losses and urging users not to sell tokens to prevent further financial damage. The incident highlighted systemic risks in DeFi protocols, with attackers leveraging sophisticated methods to exploit pricing mechanisms.

Description

On April 12, 2022, Elephant Money, a decentralized finance (DeFi) protocol supporting the ELEPHANT token and TRUNK stablecoin, publicly disclosed an automated attack against its treasury resulting in the theft of $11.2 million worth of Binance Coin (BNB). Blockchain security firms BlockSec and PeckShield analyzed the incident as a price manipulation attack executed through flash loans. The attackers borrowed wrapped Binance Coin (wBNB) via flash loans, exchanged these for large volumes of ELEPHANT tokens, and then minted TRUNK stablecoins. This artificial minting inflated the price of ELEPHANT tokens, enabling the attackers to exchange both ELEPHANT and TRUNK tokens for BNB and Binance USD (BUSD) stablecoins at a profit. BlockSec estimated each attack cycle yielded approximately $4 million in profit, with the attackers repeating the process multiple times. Elephant Money’s founder noted the attack required over $261 million in transaction volume to overcome the platform’s defenses, characterizing it as a planned and timed exploit despite the protocol’s history of resisting prior attacks.

Elephant Money responded by collaborating with blockchain security firm CertiK and DeFi insurance provider InsurAce to address the vulnerability. The team initiated efforts to patch the exploited weakness and utilized funds from its BUSD treasury to replenish the ELEPHANT Treasury. The protocol urged users to refrain from selling ELEPHANT tokens, warning that selling would lock in losses amid the token’s severe devaluation. Following the attack, the price of ELEPHANT plummeted 76% on Binance. The incident occurred against a backdrop of escalating DeFi exploits, with Chainalysis reporting $2.2 billion stolen from DeFi protocols in 2021 and the $600 million Ronin Network breach occurring weeks earlier. Elephant Money’s founder criticized unnamed prominent teams for failing to disclose known vulnerabilities despite community requests, asserting such inaction harmed the broader ecosystem.
