Over $5M Stolen From Ankr Protocol, Binance Pauses Withdrawals
Another multi-million dollar hack has hit the decentralized finance space. The latest victim is BNB Chain-based DeFi protocol – Ankr. Initial reports suggest that a vulnerability in its code that enabled unlimited minting of tokens was exploited.
Ankr promptly confirmed the attack and added that it has reached out to other decentralized exchanges urging them to block trading. Tokens will be reissued after it completes assessing the situation.
- The attack was first detected by blockchain analysis firm PeckShield in the early hours of December 2nd. It revealed that the exploiter was able to mint 20 trillion Ankr Reward Bearing Staked BNB (aBNBc), a reward-bearing token for BNB staked on the protocol.
- The exploiter minted quadrillions of aBNBc tokens, of which 20 trillion was swapped for BNB.
- Several services, such as Uniswap, controversial coin mixer Tornado Cash, as well as bridges, were used to obfuscate the trail of ill-gotten funds. The BNB tokens were then swapped for 5 million USDC.
- Data from CoinGecko show that aBNBc lost all its value after the token was drained from liquidity pools on PancakeSwap and ApeSwap.
- Ankr issued a statement assuring the community that,
“All underlying assets on Ankr Staking are safe at this time, and all infrastructure services are unaffected. We are currently drafting a plan and we are committed to compensating affected users.”
- Addressing the hack, Binance CEO Changpeng “CZ” Zhao said that the crypto exchange has paused withdrawals.
- The exec also added that Binance froze about $3 million of the funds that the hackers transferred to the platform.