Decentralized Web3 infrastructure provider Ankr has become the latest victim of a hacking attack targeting the Defi space. The perpetrators who attacked the platform were able to strike and steal a massive amount of tokens in a multi-million dollar exploit.
The Defi Ankr protocol falls victim to a multi-million dollar exploit.
Ankr, a decentralized financial system based on the Binance BNB protocol has been exploited by a hacker who apparently used an unlimited coinage bug. Channel analysts broke the news on social media and the attack, which took place on December 1, was confirmed by Ankr.
On Friday, infrastructure provider Web3 admitted on Twitter that its aBNB token had been exploited and announced it was working with exchanges to suspend trading. In a follow-up tweet, it also insisted that all underlying assets on Ankr Staking are safe and that infrastructure services are not affected.
Our aBNB token has been exploited, and we are currently working with exchanges to immediately halt trading.
– Ankr (@ankr) December 2, 2022
Initial reports from blockchain security firm Peckshield revealed that the unknown attacker was able to strike and dispose of about 10 trillion aBNB. It also found that some of the stolen funds were transferred to the Tornado Cash blender. Some of it was bridged through Celer and Debridgegate to ethereum.
On-chain analytics firm Lookonchain said the hacker hit 20 trillion tokens and dumped them on Pancakeswap, getting at least $5 million in the stablecoin USDC. The price of the Ankr BNB (aBNBc) reward stake has since collapsed from over $300 to just over $1.50, at the time of writing.
Peckshield explained that a smart contract for the aBNBc token had an unlimited currency bug that the hacker took advantage of. Another report suggests that the hacker managed to gain access to the Ankr deployment key.
Binance freezes $3 million in moved funds
NBB Chain to confirmed that it was aware of the attack and has blacklisted the hacker. Binance founder and CEO Changpeng Zhao said on Twitter that a developer’s private key was hacked and the hacker used it to update the smart contract. The exchange froze about $3 million in funds transferred on its platform.
Possible hacks on Ankr and Hay. Initial analysis is developer private key was hacked, and the hacker updated the smart contract to a more malicious one. Binance paused withdrawals a few hrs ago. Also froze about $3m that hackers move to our CEX.
– CZ 🔶 Binance (@cz_binance) December 2, 2022
These attacks come in a year marked by numerous security hacks targeting challenge and crypto-currency platforms. According to blockchain forensics firm Chainalysis, the resulting losses in 2022 amount to $3 billion. In early October, BNB Chain was temporarily shut down following a hack that cost nearly $600 million.