BNB Chain-Based Defi Protocol Ankr Exploited For Over $5M

Ankr, a decentralized finance (DeFi) protocol that calls itself the first “node of service,” has been exploited by hackers to mine millions of dollars worth of aBNBc tokens. This Binance (BNB) Chain-based DeFi platform confirmed its multi-million dollar exploit on Dec.1. The attack was first discovered by blockchain security research firm PeckShield around 12:35 am UTC on Dec. 2. Within an hour of the attack, Ankr tweeted that:

Our aBNB token has been exploited, and we are currently working with exchanges to immediately halt trading.

Ankr is a decentralized Web3 infrastructure provider for the BNB Chain ecosystem that connects stakers on several blockchains, developers and decentralized applications. It enables users to set up and run nodes remotely and offers many staking options. Its native ANKR token can be used for voting on governance proposals, staking, and as a payment method for accessing services on the ANKR network.

According to PeckShield, a bug in Anker’s code is behind the exploit that allowed the hacker to mint six quadrillions of the Ankr Reward Bearing Staked BNB (aBNBc) token without any kind of verification.

After minting quadrillions of aBNBc tokens, the attacker managed to exchange 20 trillion of them for BNB. The attacker then transfers them to Tornado Cash, a decentralized cryptocurrency tumbler, to cover his tracks. The BNB token was then exchanged for 5 million USDC. The Ankr protocol wrote:

The team at Ankr has assessed the damage and it is max 5M USD worth of BNB from the liquidity pools. We are currently working hard to resolve this issue efficiently and we would like to propose the following to address the current situation.

According to CoinGecko data, as the hacker has nearly completely drained the aBNBc liquidity pools on ApeSwap and PancakeSwap, the token lost nearly 99% of its value.

Ankr issued a statement that all staked assets within the protocol are currently safe.

BNB Chain confirmed that it was aware of the hack and blacklisted the attacker. Addressing the hack, Binance founder and CEO Changpeng Zhao said that the crypto exchange has halted withdrawals. The exchange also froze about $3 million in funds that the exploiter had transferred to the platform.

Binance CEO stated that the exploiter used the stolen aBNBc to borrow $16 million of the HAY stablecoin and then converted them into BUSD. The HAY stablecoin lost its $1 peg, hitting a low of 20 cents due to an apparent exploit. According to CoinMarketCap, it is now recovering and trading a little over $0.90. The native token of Binance, BNB, also fell nearly 5% due to the hack, going from $300 to $286.