
Ankr protocol exploited as attackers steal trillions of aBNBc


In this post:

  • Attackers exploited the Ankr Protocol and stole trillions of aBNBc tokens.
  • The attacker stole keys from the ANKR deployer and exploited the Smart contract’s mint function.
  • Some funds were sent to Tornado Cash or a burn address or bridged to other networks, while others ended up on the Binance exchange.
  • ANKR mentioned on Twitter that they would issue new aBNBc tokens and refund affected users.

On December 2nd, at 12:35 GMT, Peckshield flagged an exploit by an attacker on the Ankr protocol. The attacker made away with 20 trillion aBNBc reward tokens from the protocol.

Ankr Reward Bearing Staked BNB (aBNBc) is a reward-bearing token, meaning its quantity stays the same from the moment of staking. The token appreciates as its redemption ratio grows because of reward accumulation.

Ankr launched the token on the Binance chain as a liquid staking function on Ankr. Users earned interest by staking their BNB on the Smart contract and obtained aBNBc as proof of the stake. 

Chasing the aBNBc money trail

According to Lookonchain, the attacker stole keys from the Ankr deployer and minted 10 trillion aBNBc that he sent to himself. He later transferred 1.125 BNB to the address for gas fees and began dumping the stolen tokens.

The attacker exploited the contract again and minted 10 trillion more tokens. After the exploits, the attacker began washing money into BNB and Ethereum through Tornado Cash.

Tornado Cash is a decentralized, open-source Smart contract that provides the service of washing ‘tainted’ cryptocurrency funds with others to obscure the source of the funds.

The attacker also transferred the stolen funds to Helio Money; using the funds as collateral, he borrowed $16M HAY which he later sold for $15.5M BUSD. The attacker repeated similar transactions with $HAY sold for BNB on multiple occasions.


$16M HAY exploit analysis by Lookonchain.

Security firm Peckshield revealed that the Ankr contract had a bug in its minting function. A function with the signature 0x3b3a5522 embedded in the contract could bypass the OnlyMinter function and mint arbitrary amounts.

Peckshield also noted the attackers bridged funds through Celer and deBridgeGate to Ethereum and Tornado Cash.
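One way a defender can check deployed bytecode for an entry point like the one Peckshield describes, as an added example that is not from the article or from Ankr: the Python below walks EVM opcodes, collects the selectors the function dispatcher compares against, and reports any that are missing from a reviewed list. The bytecode and the reviewed list are constructed for illustration; only the selector 0x3b3a5522 comes from the article.

```python
# Added example. SAMPLE_CODE and REVIEWED are constructed, not Ankr's contract.

def dispatcher_selectors(code: bytes) -> set:
    """Return every PUSH4 immediate that is directly followed by EQ,
    the comparison a Solidity-style dispatcher emits per entry point."""
    found, pc = set(), 0
    while pc < len(code):
        op = code[pc]
        if 0x60 <= op <= 0x7F:                 # PUSH1..PUSH32: skip inline data
            size = op - 0x5F
            data, nxt = code[pc + 1:pc + 1 + size], pc + 1 + size
            if op == 0x63 and len(data) == 4 and nxt < len(code) and code[nxt] == 0x14:
                found.add("0x" + data.hex())
            pc = nxt
        else:
            pc += 1
    return found


def unreviewed_selectors(code: bytes, reviewed) -> list:
    """Selectors the dispatcher accepts that are absent from the reviewed ABI."""
    return sorted(dispatcher_selectors(code) - {s.lower() for s in reviewed})


def _entry(selector: str, dest: int) -> bytes:
    # One dispatcher entry: DUP1 PUSH4 <selector> EQ PUSH2 <dest> JUMPI
    return (bytes([0x80, 0x63]) + bytes.fromhex(selector) + bytes([0x14, 0x61])
            + dest.to_bytes(2, "big") + bytes([0x57]))


# Constructed bytecode: a short prelude, then a PUSH32 constant whose data
# mimics "PUSH4 deadbeef EQ" (a naive byte search would misreport it),
# then four dispatcher entries.
SAMPLE_CODE = (
    bytes([0x60, 0x80, 0x60, 0x40, 0x52])
    + bytes([0x7F]) + bytes.fromhex("63deadbeef14").ljust(32, b"\x00")
    + _entry("18160ddd", 0x0100)   # totalSupply()
    + _entry("70a08231", 0x0140)   # balanceOf(address)
    + _entry("a9059cbb", 0x0180)   # transfer(address,uint256)
    + _entry("3b3a5522", 0x01C0)   # selector named in the article
)

# Constructed allowlist standing in for the selectors of an audited ABI.
REVIEWED = {"0x18160ddd", "0x70a08231", "0xa9059cbb"}

if __name__ == "__main__":
    for sel in unreviewed_selectors(SAMPLE_CODE, REVIEWED):
        print("selector not in reviewed ABI:", sel)
```

For an upgradeable token the scan has to run against the implementation contract's bytecode after every upgrade, since the proxy's own dispatcher does not list the implementation's functions.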

Ankr reacted on Twitter by acknowledging the hack and quickly notifying exchanges to stop trading the token. They advised their community to avoid trading the tokens and to withdraw liquidity from exchanges, and said they would issue new tokens. The move would render the stolen tokens valueless.

Peckshield noted multiple exploits from the mint function. 

The attackers remain highly active; blockchain stats indicate the exploiters also burnt billions of tokens.

According to Peckshield, some exploiters transferred USDC and BUSD washed from the exploit to the Binance exchange. The washed funds sent to Binance total about $19M.

Binance CEO Changpeng Zhao (CZ) acknowledged the exploits earlier, noting that $3M in funds moved by the exploiters to Binance were frozen, with withdrawals paused. He noted that the exploiter managed to steal private keys to the contract.


Impact of Ankr protocol exploit

At 2:00 am GMT, aBNBc prices fell 99% following the exploit. Trading has so far been paused on various exchanges as the Ankr team works to resolve the issue and refund the affected traders.

The exploit also affected the HAY stablecoin, which is down 35% in the last 24 hours and trading at $0.6434. At the peak, it fell to $0.2113.

Ankr is trading at $0.02168, down by 3.93 in the last 24 hours. BNB has remained relatively stable and trades at $290.4.

As the situation unfolds, we can anticipate continuous updates from the involved parties. Binance and Ankr are hot on the case; Binance will likely freeze funds transferred to their exchange while analysts will earmark the stolen funds for tracking.

The Ankr protocol joins a series of other DeFi exploits in 2022. According to an analysis by Chainalysis, the number of DeFi exploits in 2022 is at a record high, and they have so far hemorrhaged over $800M of investor funds.
