BNB chain-based Defi protocol Ankr suffers from heavy exploitation – Defi Bitcoin News

Decentralized Web3 infrastructure provider Ankr has become the latest victim of a hacking attack targeting the defi area. The perpetrators who hit the platform were able to mint and steal a huge amount of tokens in a multimillion-dollar exploit.

Defi Protocol Ankr hit by Unlimited Mint Bug Exploit worth millions

Ankr, a decentralized finance protocol (defi) based on Binance’s BNB chain, has been exploited by a hacker who apparently used an unlimited minting flaw. On-chain analysts broke the news on social media and the attack, which occurred on December 1, was confirmed by Ankr.

On Friday, the Web3 infrastructure provider admitted on Twitter that its aBNB token had been exploited and announced that it is working with exchanges to halt trading. In a follow-up tweet, it also insisted that all underlying assets on Ankr Staking are safe and infrastructure services unaffected.

Our aBNB token has been exploited and we are currently working with exchanges to immediately halt trading.

— Ankr (@ankr) 2 December 2022

Initial reports from blockchain security company Peckshield revealed that the unknown attacker had been able to mint and dispose of approximately 10 trillion aBNB. It also found that some of the stolen funds had been transferred to the Tornado Cash mixer. A part was connected through Celer and Debridgegate to ethereum.

On-chain research firm Lookonchain said the exploiter minted 20 trillion tokens and dumped them on Pancakeswap, obtaining at least $5 million in stablecoin USDC. The price of Ankr reward-bearing BNB (aBNBc) has since collapsed from over $300 to just over $1.50, at the time of writing.

Peckshield explained that a smart contract for the aBNBc token had an unlimited flaw that the hacker exploited. Another report suggested that the attacker had managed to gain access to the Ankr deployment key.

Binance Freezes $3 Million in Moved Funds

BNB chain confirmed it was aware of the attack and has blacklisted the exploiter. Binance founder and CEO Changpeng Zhao tweeted that a developer key was hacked and the hacker used it to update the smart contract. The exchange has frozen around 3 million dollars of funds moved to the platform.

Possible hacks on Ankr and Hay. Initial analysis is that the developer’s private key was hacked, and the hacker updated the smart contract to a more malicious one. Binance stopped withdrawals a few hours ago. Also froze about $3 million that hackers move to our CEX.

— CZ 🔶 Binance (@cz_binance) 2 December 2022

Meanwhile, the BNB Chain-based destabilcoin high that CZ referenced in his tweet has lost its $1 peg, also as a result of an apparent exploit that was confirmed by the team of Helio Protocol. The token is currently trading at just over $0.65.

The attacks come within a year of a number of security exploits targeting defi and crypto platforms. According to blockchain research firm Chainalysis, the resulting losses in 2022 amount to $3 billion. In early October, BNB Chain was temporarily halted after a hack that cost close to $600 million.

What are your thoughts on the latest exploitation in the defi space? Share them in the comments section below.

Lubomir Tassev

Lubomir Tassev is a journalist from tech-savvy Eastern Europe who likes Hitchens’ quote: “To be a writer is what I am, rather than what I do.” Besides crypto, blockchain and fintech, international politics and economics are two other sources of inspiration.