DeFi protocol based on BNB Chain Ankrconfirmed a million-dollar hack. The attack in question was shared by on-chain security analyst PeckShield.
Within an hour of the attack, Ankr, aBNB tokenHe confirmed that he was attacked. The DeFi protocol has confirmed that it is in contact with exchanges to block the sale of the said assets.
Our aBNB token has been exploited, and we are currently working with exchanges to immediately halt trading.
— Ankr (@ankr) December 2, 2022
It was claimed that the attacker was able to print 20 trillion Ankr Reward Bearing Staked BNB (aBNBc) in the protocol. aBNB functions as a distributed reward token for the BNB staked in the protocol.
On-chain analytics firm Lookonchain has disguised its assets using the offensive Uniswap, Tornado Cash and different bridges. It is also claimed that the attacker managed to convert the hidden assets to 5 million USDC.
In another shared post, it was stated that the basic assets in Ankr Staking are safe. Infrastructure was not affected by the attack.
Seems that @ankr got hacked an hour ago!
The exploiter minted 20T aBNBc and dumped it on #PancakeSwap.
At present, the exploiter have successfully exchanged more than 5 million $USDC.https://t.co/hF1tgNYw0t pic.twitter.com/XIPjBi6wvs
— Lookonchain (@lookonchain) December 2, 2022
Blockchain security firm Beosin commented on the attack to Cointelegraph. According to the comment, the attack was most likely carried out by exploiting a vulnerability in the smart contract code. The vulnerability may have emerged after the update made 12 hours before the attack.
Beosin also underlined that the aBNBc price dropped 99.5% from $303.89 to $1.53 in just a few hours.
@ankr has been exploited. $aBNBc has dropped -99.5%.
The hacker minted tons of $aBNBc and made a profit of 5,500 BNB (~$1.6 million)
The deployer changed the implementation contract to the vulnerable contract address before the attack (possibly due to private key compromise). pic.twitter.com/GJheXh0oDp— Beosin Alert (@BeosinAlert) December 2, 2022
“It is possible that the distributor’s private key could be exposed in this upgrade, allowing an attacker to use distributor privileges to modify the contract.”
According to a Twitter post, Binance is in talks with the Ankr team. Binance also confirmed that none of its clients’ assets were affected by the attack. The attacker’s wallet address has been added to the blacklist.
We are aware of the attack on @ankr‘s aBNBc that happened earlier today, leading to a substantial amount of new aBNBc being minted. The exploiter has been blacklisted.
Our community is on top of it, coordinating a response. We will provide more updates as they become available.— BNB Chain (@BNBCHAIN) December 2, 2022
You can follow the current price action here.
Disclaimer: What is written here is not investment advice. Cryptocurrency investments are high-risk investments. Every investment decision is under the individual’s own responsibility. Finally, Koinfinans and the author of this content cannot be held responsible for personal investment decisions.