BNB Chain-based DeFi protocol Ankr becomes the latest victim of a hack attack, with the hacker minting and exploiting millions worth of its aBNBc token.
According to security analytics firm Peckshield, the hacker quickly dumped some of the tokens onto Celer bridge, debridge, BSC’s Tornado Cash implementation, etc to swap, bridge, and move assets to Ethereum.
On-chain Nansen data revealed the hacker minted like 6 quadrillions worth of aBNBc, a reward-bearing token for BNB staked on Ankr.
Another on-chain analyst Lookonchain stated that the exploiter minted 20T aBNBc and dumped it on the DeFi exchange PancakeSwap. The exploiter managed to exchange more than 5 million USDC.
Cybersecurity specialist firm Ancilia provided more details about the Ankr exploit. It stated that 10 billion aBNBc tokens were minted by the attacker and sent to another address. The aBNBc tokens are now being swapped to wrapped BNB (wBNB) and USDC.
Ankr exploiter’s second address started transferring the assets via Tornado cash and cBridge. At the moment, the exploiter moved around $4,290,020.49 ( $1,273.55/ETH) to Ethereum.
Ankr protocol acknowledged the exploit tweeting, “Our aBNB token has been exploited, and we are currently working with exchanges to immediately halt trading.”
Ankr added that all underlying assets on Ankr Staking are safe at this time, and all infrastructure services are unaffected.
Binance came forward with their statement saying they are aware of the attack targeting Ankr’s aBNBc token, and the team is engaged with the relevant parties and BNBchain to investigate further.
The community is trying to identify what caused this exploit, with some even claiming it’s an insider job. Nansen Technician Andrew Thurman speculates the exploiter address was originally seeded ETH by a contract deployer address, which in turn got some ETH from various official Ankr addresses, including the Ankr deployer address.
Some suggest that the deployer’s private key was compromised, the hacker then deployed an attack contract, changed the upgradeable aBNBc contract to the malicious implementation, and then minted 10B aBNBc tokens to the attacker’s wallet.
The exploit led the price of aBNBc to drop 99.5% from $303.89 to $1.50 in a short period of time.
Also Read:Â Binance Smart Chain Halts Following Potential Exploit of $100M
