- Ankr, a decentralized finance protocol built on the BNB Chain, suffered a $5 million exploitation on its network.
- As per Peckshield, the exploiter minted 20 trillion Ankr rewards bearing staked BNB (aBNBc).
- The exploiter dumped 20 trillion aBNBc on PancakeSwap.
- Ankr assured its community that all assets on its staking program were safe.
- The firm warned users against trading on the network and asked liquidity providers to stop providing liquidity.
- The Binance exchange has frozen about $3 million moved to its CEX following the hack.
On Thursday, a BNB Chain-based decentralized finance protocol, Ankr, suffered a $5 million exploitation on its network.
Notably, the popular blockchain security firm Peckshield was the first to break the exploitation news. According to Peckshield, the exploiter minted 20 trillion Ankr reward-bearing staked BNB (aBNBc).
#PeckShieldAlert Seems like @ankr has been exploited, $aBNBc has dropped -50%, tons of $aBNBc have minted to https://t.co/nyfwdd6fWI— PeckShieldAlert (@PeckShieldAlert) December 2, 2022
and the exploiter transferred some of the stolen funds to Tornado cash or bridged them via celer and deBridgeGate to Ethereum @peckshield pic.twitter.com/vK94dIEWIt
Shortly after, Lookonchain, an on-chain analysis firm, also announced the exploitation and said the exploiter dumped the minted 20 trillion aBNBc on PancakeSwap. Further, the analysis firm maintained that the exploiter had already exchanged the funds for more than $5 million worth of USD coins on Uniswap, Tornado Cash, and a host of others.
Later, Ankr itself confirmed the exploitation.
Our aBNB token has been exploited, and we are currently working with exchanges to immediately halt trading.— Ankr (@ankr) December 2, 2022
The DeFi protocol, however, assured its community of the safety of all underlying assets on its staking program. It also announced that the exploitation would not affect all its infrastructure services.
In a subsequent post, Ankr warned its users against trading on the network and asked liquidity providers among them to remove liquidity from DEXes. Furthermore, it promised to do a snapshot and provide users with the necessary information on the issue at the best possible time.
Binance Moves to Help Ankr, Freezes $3 Million
Following the hack, popular crypto exchange Binance pledged its support in recovering the stolen funds. According to its CEO, Changpeng Zhao, the exchange halted withdrawals a few hours ago. More so, Zhao said Binance has also frozen about $3 million moved to its CEX in connection to the hack.
Possible hacks on Ankr and Hay. Initial analysis is developer private key was hacked, and the hacker updated the smart contract to a more malicious one. Binance paused withdrawals a few hrs ago. Also froze about $3m that hackers move to our CEX.— CZ 🔶 Binance (@cz_binance) December 2, 2022
The BNB chain, the distributed blockchain network housing Ankr and other dApps, also reacted to the exploitation.
"We are aware of the attack on @ankr's aBNBc that happened earlier today, leading to a substantial amount of new aBNBc being minted. The exploiter has been blacklisted. Our community is on top of it, coordinating a response. We will provide more updates as they become available." BNB Chain stated.
Notably, the dApps on BNB chain have recently been prone to numerous exploitations. Recall that Bitkeep, a multi-chain crypto wallet, suffered a similar exploitation on the BNB chain in October. Reportedly, the hacker siphoned about $1 million through the exploitation after compromising the swap feature of the wallet.
In October, a cross-chain bridge, BSC token hub, endured exploitation on the BNB chain. The hacker stole one million BNB rewards and deposited them into a lending platform, identified as Venus protocol.
On the Flipside
- The crypto influencer Ignas pointed out that Ankr received an audit by Peckshield warning about ‘trust issues with admin keys.’ Though the team ‘confirmed’ the warning, it appears they had not fixed it, as the hacking incident occurred yesterday.
Why You Should Care
The recent exploitation adds to the long list of hacks the DeFi space has endured throughout this year, which have cost $3 billion. In this regard, the DeFi space has yet to transform its security infrastructure.