Over $5M Stolen From Ankr Protocol, Binance Pauses Withdrawals

Another multi-million dollar hack has hit the decentralized finance space. The latest victim is BNB Chain-based DeFi protocol – Ankr. Initial reports suggest that a vulnerability in its code that enabled unlimited minting of tokens was exploited.

Ankr promptly confirmed the attack and added that it has reached out to other decentralized exchanges urging them to block trading. Tokens will be reissued after it completes assessing the situation.

• The attack was first detected by blockchain analysis firm PeckShield in the early hours of December 2nd. It revealed that the exploiter was able to mint 20 trillion Ankr Reward Bearing Staked BNB (aBNBc), a reward-bearing token for BNB staked on the protocol.
• The exploiter minted quadrillions of aBNBc tokens, of which 20 trillion was swapped for BNB.
• Several services, such as Uniswap, controversial coin mixer Tornado Cash, as well as bridges, were used to obfuscate the trail of ill-gotten funds. The BNB tokens were then swapped for 5 million USDC.
• Data from CoinGecko show that aBNBc lost all its value after the token was drained from liquidity pools on PancakeSwap and ApeSwap.
• Ankr issued a statement assuring the community that,

“All underlying assets on Ankr Staking are safe at this time, and all infrastructure services are unaffected. We are currently drafting a plan and we are committed to compensating affected users.”

• Addressing the hack, Binance CEO Changpeng “CZ” Zhao said that the crypto exchange has paused withdrawals.
• The exec also added that Binance froze about $3 million of the funds that the hackers transferred to the platform.

The team has also issued an official statement on the above, where the CEO said:

“Thanks to the fast actions from the Ankr team and various protocols, we were able to minimize any damage done extremely quickly. Hacks and exploits from bad actors like this are an unfortunate possibility in Web3, even with every attention to detail in security processes – but we were well prepared. Unlike previous events in the space this year, we are doing the right thing by our community and ensuring that this is taken care of immediately with lost funds restored.”