The BNB Chain-based DeFi protocol Ankr has been the latest target of a hacking attempt, and the perpetrator has mined and exploited millions of dollars’ worth of the system’s aBNBc coin.
Peckshield, a company that specializes in security analytics, claims that the hacker promptly dumped part of the tokens over the Celer bridge, the debridge, the BSC’s Tornado Cash implementation, and other platforms in order to exchange, bridge, and shift assets to Ethereum.
On-chain Nansen data revealed the hacker minted like 6 quadrillions worth of aBNBc, a reward-bearing token for BNB staked on Ankr.
Another on-chain analyst Lookonchain stated that the exploiter minted 20T aBNBc and dumped it on the DeFi exchange PancakeSwap. The exploiter managed to exchange more than 5 million USDC.
Cybersecurity specialist firm Ancilia provided more details about the Ankr exploit. It stated that 10 billion aBNBc tokens were minted by the attacker and sent to another address. The aBNBc tokens are now being swapped to wrapped BNB (wBNB) and USDC.
Ankr exploiter’s second address started transferring the assets via Tornado cash and cBridge. At the moment, the exploiter moved around $4,290,020.49 ( $1,273.55/ETH) to Ethereum.
Ankr protocol acknowledged the exploit tweeting, “Our aBNB token has been exploited, and we are currently working with exchanges to immediately halt trading.”
Ankr also said that all of the underlying assets on Ankr Staking remain secure at the moment, in addition to the fact that the infrastructure services have not been disrupted.
Binance has issued a statement stating that they are aware of the assault that was launched against Ankr’s aBNBc coin, and that the team is now in communication with the appropriate parties as well as BNBchain in order to explore the matter further.
The community is now attempting to determine what triggered this vulnerability, and some members have even suggested that it was an inside job. Andrew Thurman, a Nansen Technician, has a theory that the exploiter address was given some ETH in the beginning by a contract deployer address, which in turn received some ETH from a variety of official Ankr addresses, including the Ankr deployer address.
Some people believe that the private key of the deployer was stolen, that a hacker then deployed an attack contract, that the hacker altered the upgradeable aBNBc contract to a malicious implementation, and that the hacker then minted 10 billion aBNBc tokens to the wallet of the attacker.
Because of the exploit, the price of aBNBc dropped dramatically, from $303.89 to $1.50, in a very short amount of time.
Compiled by Coinbold