- Ankr revealed that a former team member placed malicious code in their programs, leading to aBNBc exploits.
- Earlier, Ankr suffered a $5 million exploit on its platform.
- The exploiter dumped 20 trillion aBNBc on PancakeSwap and later exchanged the funds on other platforms.
- Ankr claimed to have begun working with law enforcement to prosecute the former team member.
- The firm promised to tighten its internal HR procedures and safety measures to make its network more secure.
Web3 infrastructure provider Ankr has provided insight into the circumstances that led to the exploit of its aBNBc tokens.
In a recent blog post, the protocol said it had identified a former team member as an architect of the security breach, stating that he placed malicious code in its programs.
"A former team member (who is no longer with Ankr) acted maliciously to conduct a supply chain attack, inserting a malicious code package that was able to compromise our private key once a legitimate update was made," Ankr said.
Recall that in early December, the BNB Chain-based decentralized finance protocol suffered a $5 million exploit on its network. Blockchain security firm PeckShield first raised the alarm about the exploit.
The exploiter minted 20 trillion Ankr reward-bearing staked BNB (aBNBc). Later, in a Twitter post, Lookonchain, an on-chain analysis firm, confirmed the exploit, maintaining that the exploiter dumped the minted 20 trillion aBNBc on PancakeSwap. Afterward, the exploiter reportedly exchanged the funds for more than $5 million worth of USD coins on Uniswap, Tornado Cash, and others.
The Ankr team has been investigating the incident, which led it to its former team member.
Ankr Working With Security Agents to Prosecute Ex-Team Member
The protocol further stated that it has started working with law enforcement to prosecute the former team member. In addition, Ankr promised to shore up its internal HR processes and safety measures to strengthen the network’s security. As part of its security plans, the firm has committed to working on the following aspects:
- Integrating multisig authentication and timelocks for updates
- Enhancing internal security measures
- Implementing a new monitoring and notification system
- Refining DeFi protocol working procedures
Ankr said it had taken several measures to minimize the effect of the exploitation on its users. According to the protocol, it used an Advanced API Tool to locate every aBNBc token holder in 10 seconds and has determined a reimbursement plan for them. According to reports, Ankr airdropped BNB tokens to affected users on Dec. 2.
On the Flipside
- Although Ankr has made some good statements lately regarding the stability of its ecosystem, its token, Ankr, has dipped in value. At press time, Ankr is trading at $0.0175, down from its seven-day peak of 0.0212.
Why You Should Care
Blockchain security firm Beosin suggested the exploit was likely due to vulnerabilities in the smart contract code. In addition, it suggested that the Ankr team's private keys might have been compromised through a technical upgrade about 12 hours ago. However, recent statements from Ankr have cleared some doubts.