Web3 protocol Ankr reports $5M in damages following BNB token exploit

A web3 infrastructure platform Ankr has reported that the approximate damage caused by the ongoing exploit might account for as much as $5 million worth of BNB tokens. The announcement follows the platform’s halt on trading after confirming an attack in the wee hours of Dec. 2 by an unknown attacker who had gained access to one of the tokens.

The team at Ankr has assessed the damage and it is max 5M USD worth of BNB from the liquidity pools.

We are currently working hard to resolve this issue efficiently and we would like to propose the following to address the current situation:

— Ankr (@ankr) December 2, 2022

Call to stop trading

According to the company, the attack has caused a major scare in the network because of the rate at which the attacker continues to mint tokens. The exploiter has now transferred 900 BNB into an Ethereum-based mixer Tornado Cash. Ankr has confirmed that the experts are working around the clock to restore normalcy amid the multi-million dollar exploit.

The BNB Chain recently propelled a new method of liquid staking through Ankr that enables users to allocate BNB tokens to the liquid staking agreement and obtain aBNBc. Currently, the exploit has led to a drop aBNBc price by around 99.5%. It is now trading at $1.52, CoinMarketCap data shows.

Recommended action to exchanges

Responding to the attack, Ankr asked exchanges to stop trading the compromised token immediately because it was one of the ways to take care of the attack. Halting trading of the compromised token will also protect investors from losing their investments.

The exploit calls for alarm because it has cut deep into the network since the attacker is purported to mint more than 20 trillion Ankr Reward at the time of discovery. The exploiter used services such as Tornado Cash, Uniswap, and other major conduits to befuddle the money, where he has been able to accumulate about $5 million worth of coins.

Vulnerability levels

The vulnerability levels of cryptocurrency are now under discussion because hackers pose a major threat to the well-being of crypto. The exploit might have occurred due to a fault from smart contract protocols or private keys compromise.

0x8d… took advantage of the Ankr loophole, used 10 BNB to exchange 183,384.92 aBNBc, and then converted to hBNB and staked it into Helio Protocol to lend more than $16m BHAY0 and exchanged it into HAY0. The stablecoin HAY once fell to $0.2. https://t.co/TcpfWTVwlx https://t.co/QO9tFImgB9

— Wu Blockchain (@WuBlockchain) December 2, 2022

According to security analysts, the fault may have resulted from the technical upgrade conducted by Ankr some hours before the attack.

The platform has pronounced that the attack only affects the specific token and has not spread to other areas. On its Twitter account, it assured the investors of the safety of other assets under Ankr. They specified that the other entire infrastructure was safe from the attack. They assured investors of the safety of their investments since the attack did not affect other parts of the infrastructure.

Response from exchanges

One of the major exchanges, Binance, in a tweet, responded to its users and the public. Binance CEO also confirmed the attack.

Possible hacks on Ankr and Hay. Initial analysis is developer private key was hacked, and the hacker updated the smart contract to a more malicious one. Binance paused withdrawals a few hrs ago. Also froze about $3m that hackers move to our CEX.

— CZ 🔶 Binance (@cz_binance) December 2, 2022

Binance indicated that their team was engaged in investigating the matter further. The tweet reads, “We are aware of the attack targeting Ankr’s aBNBc token. Our team is engaged with the relevant parties and BNBCHAIN to investigate further. This is not an attack against Binance, and your funds are SAFU on our exchange. This thread will be updated should there be any updates.”