There are many ways to begin a new month in the crypto industry but being hacked and exploited was probably different from what the Binance Chain (BNB) Decentralised Finance (DeFi) protocol, Ankr, had in mind on December 1.
Ankr had taken to Twitter an hour after the supposed attack to alert the crypto community that it had been exploited and the hacker had carted away with $5 million worth of USDC. The attack was initially noticed by an on-chain security analyst, PeckShield, which informed the world that Ankr’s aBNBc token (Ankr Reward Bearing Staked BNB) had an “unlimited mint bug” that was exploited to maximum heights.
According to a post by Lookonchain, an on-chain analysis company, the hacker had supposedly minted about 20 trillion aBNBc tokens and has since transferred and converted these tokens on UniSwap, Tornado Cash, and many other crypto services to swap and clear the stolen funds into $5 million.
In order not to arouse fear and anxiety from the investors and holders of the Decentralised Finance protocol Ankr, the analysis firm, Lookonchain also added that every underlying product on Ankr Staking was safe and all infrastructure services were untouched.
The sudden news of this hack was unexpected but not surprising, given the recent events in the crypto market. According to Beosin, the attack was likely carried out due to exposures in the smart contract code and a compromise of the deployer’s private key, which could have probably been exposed in a recent technical upgrade by the Ankr team hours before the attack.
The aftereffects of the attack proved deadly to Ankr as the BNB Chain-based DeFi protocol confirmed the attack today and announced that it would be working with crypto exchanges to halt all trades until the issue has been resolved.
“Our aBNBc token has been exploited, and we are currently working with exchanges to immediately halt trading,” Ankr posted on its Twitter page early today.
According to data from CoinMarketCap, Beosin noticed that the abundant minting of the aBNBc token had caused the token’s price to fall drastically to 99.5%, from $303.89 to $1.53. This was not the ‘happy new month’ greeting that Ankr had anticipated, as it also joined in with those experiencing the crypto winter.
The attacker could have used the deployer’s private essential liberties and saw an opportunity to mint 20 trillion aBNBc tokens, ultimately escaping with $5 million. Fortunately, the parent blockchain—Binance, announced later that it had intercepted a transaction by the attacker and froze about $3 million.
One of the world’s most popular cryptocurrency exchanges, Binance, had been vocal about the tragic incident with Ankr and had blacklisted the attacker’s address, alerting the public that it was discussing with Ankr and would try to get to the root of the problem by investigating.
“We are aware of the attack Ankr’s aBNBc token… leading to a substantial amount of new aBNBc being minted. The exploited has been blacklisted,” BNB Chain said on its Twitter page.
As a result of the 20 trillion aBNBc token (Ankr Reward Bearing Staked BNB) exploit, the attacker has now become the thirteenth largest holder of the token.
However, blames are being thrown on the BNB Chain DeFi protocol, Ankr, as PeckShield, the security company, had performed an audit of Ankr a few months ago and alerted the firm of possible issues with the admin keys. Ankr had acknowledged the warning but probably did not rectify the problem, which has now come back to bite it in the rear with an attacker exploiting and carting away 20 trillion of its aBNBc token.
A Trader Takes Advantage Of The Chaotic Moment
Amidst all the chaos within the Ankr company, a trader looking to profit had taken advantage of the Ankr hack and made $15.5 million using only 10 BNB.
After the damaging blow that the aBNBc token received, lowering its price to an all-time low amount, Lookonchain announced that a trader had taken advantage of the situation by purchasing 183,885 aBNBc tokens with 10 BNB. The trader then deposited the aBNBc tokens on Helio Protocol and borrowed 16 million Helio Protocol tokens (HAY).
Finally, the trader exchanged HAY tokens for BUSD$15.5 million (Binance USD). This made the trader’s profit amount to over 5000 times earnings beyond their initial capital.
Conclusion
Ankr began with a bad start into the new month by announcing that it had been exploited, with the attacker claiming 20 trillion aBNBc tokens ($5 million) due to a possible vulnerability from its deployer’s exposure private key or an unseen loophole in its smart contract code.
