According to the latest reports on 2nd December 2022, it has been confirmed that Ankr Protocol, a decentralized Web3 infrastructure provider, has been hacked.
On 2nd December 2022 at 7:05 am, PeckShieldAlert reported the exploit of Ankr. At first, the price of Ankr Reward Bearing Staked BNB (aBNBc) dropped by 50%. About 15 minutes later, it was revealed that the exploiter had minted about 10 trillion aBNB, which they promptly dumped, causing the token’s price to drop to zero in mere minutes.
In a follow-up tweet, PeckShieldAlert said that the attacker had moved 900 BNB ($253k) to the on-chain mixing service Tornado Cash. The exploiter also bridged tokens to USDC and ETH to Ethereum, holding about 3k ETH worth $3.8M and 500k USDC. With this, they became the 13th largest holder of aBNBc.
According to Web3Maker.Eth, “When the original attacker upgraded the contract, he made the malicious function publicly accessible.” They further provided the details of the transaction and reported that Ankr’s aBNBc contract was hacked and upgraded.
After the initial attack, others rushed to mint the token in excess. However, they are unlikely to make a profit, as the BNB liquidity for aBNB on PancakeSwap has already dried up, according to data from DEXSCREENER. In addition, BscScan has put the circulating aBNB supply at 115.792 octodecillion.
Ankr has also confirmed the exploit.
About half an hour later, they posted an update: “All underlying assets on Ankr Staking are safe at this time, and all infrastructure services are unaffected.” The Ankr team also tweeted instructions for dealing with the situation.
Furthermore, they reported that they have been in touch with the DEXes and have asked them to block trading. They will reissue tokens once they have been able to assess the situation, and they are currently drafting a plan. The decentralized Web3 infrastructure provider also stressed that they are “committed to compensating affected users.”
Twitter user Lookonchain reported that, after dumping aBNBc, the Ankr exploiter bought 183,885 aBNBc with just 10 $BNB worth $2,879. They then deposited these aBNBc into Helio Money as collateral and borrowed 16M HAY. Ultimately, they sold this 16M HAY and got 15.5M BUSD.
However, the exploiter couldn’t make a lot of money, only 107.65 BNB in total.
Another Twitter user, Wombat Exchange, posted an update saying that the HAY pool has been paused due to this exploit.
The CEO of cryptocurrency exchange Binance, Changpeng Zhao, also known as CZ, posted on Twitter that Binance paused withdrawals a few hours ago and has also frozen about $3M that the hackers moved to its CEX.