Elephant Money Hack 2022 — $11M Exploit Analysis

Elephant Money lost $11.2M when an attacker flash-loaned BNB to manipulate ELEPHANT token prices and exploit the Treasury's convertELEPHANT function.

Details

Full Description

The attacker used a large BNB flash loan to buy ELEPHANT tokens on PancakeSwap, inflating the price. They then called Elephant Money's Treasury contract to convert ELEPHANT tokens back to BNB at the manipulated price. By cycling this buy/convert loop multiple times within a single transaction, the attacker extracted approximately 27,000 BNB from the treasury.

Laundering Analysis

Stolen BNB moved through multiple BSC wallets and converted via PancakeSwap. Funds eventually bridged to Ethereum and deposited into Tornado Cash. Elephant Money team published a post-mortem but did not fully compensate users. The protocol continued operations with a patched contract. No attacker identified.

Sources

Related Hacks

Back to Browse