Decentralized Web3 infrastructure provider Ankr has become the latest victim of a hacking attack targeting the defi space. The perpetrators who hit the platform were able to mint and steal a massive amount of tokens in a multimillion-dollar exploit.
Defi Protocol Ankr Hit by Unlimited Mint Bug Exploit Worth Millions
Ankr, a decentralized finance (defi) protocol based on Binance’s BNB Chain, has been exploited by a hacker who apparently used an unlimited minting bug. On-chain analysts broke the news on social media and the attack, which occurred on Dec. 1, was confirmed by Ankr.
On Friday, the Web3 infrastructure provider admitted on Twitter that its aBNB token had been exploited and announced it’s working with exchanges to suspend trading. In a follow-up tweet, it also insisted that all underlying assets on Ankr Staking are safe and infrastructure services unaffected.
Our aBNB token has been exploited, and we are currently working with exchanges to immediately halt trading.
— Ankr (@ankr) December 2, 2022
Initial reports by blockchain security company Peckshield revealed the unknown attacker had been able to mint and dispose of approximately 10 trillion aBNB. It also found that some of the stolen funds had been transferred to the Tornado Cash mixer. A portion was bridged through Celer and Debridgegate to ethereum.
On-chain analysis firm Lookonchain said the exploiter minted 20 trillion tokens and dumped them on Pancakeswap, obtaining at least $5 million in the stablecoin USDC. The price of the Ankr reward-bearing staked BNB (aBNBc) has since collapsed from over $300 to a little over $1.50, at the time of writing.
Peckshield explained that a smart contract for the aBNBc token had an unlimited mint bug which the hacker took advantage of. Another report suggested the attacker had managed to gain access to the Ankr deployer key.
Binance Freezes $3 Million Worth Of Moved Funds
BNB Chain confirmed it was aware of the attack and has blacklisted the exploiter. Binance founder and CEO Changpeng Zhao tweeted that a developer private key was hacked and the hacker used it to update the smart contract. The exchange has frozen about $3 million of funds moved to its platform.
Possible hacks on Ankr and Hay. Initial analysis is developer private key was hacked, and the hacker updated the smart contract to a more malicious one. Binance paused withdrawals a few hrs ago. Also froze about $3m that hackers move to our CEX.
— CZ Binance (@cz_binance) December 2, 2022
Meanwhile, the BNB Chain-based destablecoin hay, that CZ referred to in his tweet, has lost its $1 peg, also as a result of an apparent exploit which was confirmed by the team of Helio Protocol. The token is currently trading at a little over $0.65.
The attacks come in a year of numerous security exploits targeting defi and crypto platforms. According to blockchain forensics firm Chainalysis, the resulting losses in 2022 amount to $3 billion. In early October, BNB Chain was temporarily paused following a hack that cost close to $600 million.
Tags in this story
aBNB, aBNBc, Ankr, Attack, Binance, bnb, BNB Chain, bug, Crypto, crypto exchange, Cryptocurrencies, Cryptocurrency, CZ, decentralized finance, DeFi, Defi protocol, Exchange, Exploit, Hacker, Hackers, hacking attack, hay, Helio, minting, Token, Tokens
What are your thoughts on the latest exploit in the defi space? Share them in the comments section below.
Lubomir Tassev is a journalist from tech-savvy Eastern Europe who likes Hitchens’s quote: “Being a writer is what I am, rather than what I do.” Besides crypto, blockchain and fintech, international politics and economics are two other sources of inspiration.
Image Credits: Shutterstock, Pixabay, Wiki Commons
Disclaimer: This article is for informational purposes only. It is not a direct offer or solicitation of an offer to buy or sell, or a recommendation or endorsement of any products, services, or companies. Bitcoin.com does not provide investment, tax, legal, or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article.
More Popular News
In Case You Missed It
NFT Sales Volume Saw a Small Uptick This Week — Moonbirds, Mutant Apes Take Top Sales
Non-fungible token (NFT) sales saw a small uptick over the last week as $658.4 million in NFT sales were recorded, up 3.35% in seven days. Out of 15 blockchains, Polygon-based NFT sales saw the largest increase in volume, jumping 106.68% … read more.