Ankr successfully patches hack, will reimburse victims and take actions to prevent further attacks

abdelaziz Fathi

DeFi protocol Ankr plans to reimburse its affected users after a hacker managed to exploit a bug in its code that allowed for unlimited minting of its liquid staking token.

The team behind the BNB Chain-based protocol wrote a blog post that described in detail exactly what happened and the primary steps they are taking to proactively prevent attacks from happening in the future. 

Ankr identified the exploit on December 1, which came from vulnerabilities in the smart contract code. Specifically, the malicious actors gained access to the team’s developer private key and altered the smart contract for its BNB liquid staking token (aBNBc). 

The team further explains that the hack allowed the exploiters to deploy a new version of aBNBc smart contract, which gave them the ability to mint about 60 trillion coins while bypassing verification. Then, the attacker swapped the minted aBNBc tokens, which represents a staked version of BNB token, for USDC stablecoin and moved them off Binance chain onto Ethereum and funneled through crypto mixer Tornado Cash. 

According to the post, Ankr estimates the damage to be $5 million worth of BNB across liquidity pools in various DEXes. At this stage, they are identifying liquidity providers that have been affected by the exploit due to the drainage of liquidity pools. Next, Ankr will purchase $5 million worth of BNB and use this to compensate the victims.

“Thanks to the fast actions from the Ankr team and various protocols, we were able to minimize any damage done extremely quickly. Hacks and exploits from bad actors like this are an unfortunate possibility in Web3, even with every attention to detail in security processes – but we were well prepared. Unlike previous events in the space this year, we are doing the right thing by our community and ensuring that this is taken care of immediately with lost funds restored,” said Chandler Song, Co-Founder & CEO at Ankr.

What are the next steps for Ankr?

In an announcement to its community, Ankr emphasized that they will discontinue aBNBc and aBNBb tokens with immediate effect. Instead, new ankrBNB tokens will be minted and airdropped to affected users. This is by far the most important security measure, as the attack solely affected aBNBc, and other tokens were safe. 

To do that, Ankr is currently going through the process of taking a snapshot to airdrop the newly-released ankrBNB tokens to affected users based on the balances they had before the exploit. 

Meanwhile, Ankr alerted all users not to trade aBNBc or speculatively buy it at a discount. After proper identification, they just need to wait for the ankrBNB airdrop, which will be proportional to the amount of aBNBc and aBNBb that pre-hack users held. 

The attack on Ankr was relatively small in comparison with other recent attacks on DeFi projects, which have seen more than $3 billion stolen from various crypto protocols so far in 2022.

While the protocol has been through a few dark days, this is a learning experience. Additionally, this action plan is said to allow Ankr to more rapidly restore value to legitimate token holders while also accelerating the planned migration to an upgraded contract.

Read this next

blockdag

BlockDAG Targets 20,000x ROI, Excels Beyond Litecoin’s Rise, and Enhances Ethereum Layer 2 Activity

Explore BlockDAG’s promising 20,000X ROI as it leads, with significant developments in Ethereum Layer 2 and a surge in Litecoin’s value post-Dencun upgrade.

Digital Assets

Hong Kong regulators approve spot Bitcoin and Ether ETFs

Hong Kong-based asset managers received approval from regulators on Monday to launch spot Bitcoin and Ether ETFs.

Digital Assets

Vitalik Buterin backs Railgun with $350K, RAIL price triples

Privacy cryptocurrency Railgun (RAIL) skyrocketed over 250% following a positive comment from Ethereum co-founder Vitalik Buterin.

Digital Assets

Uniswap hits $2 trillion in trading volume ahead of SEC’s lawsuit

Decentralized finance (DeFi) exchange Uniswap crossed $2 trillion in total trading volume despite escalating competition from other networks and regulatory setback.

blockdag

BlockDAG’s $17.3M Presale Success Elevates Security Beyond Ethereum Classic Value and Fantom Trends

Explore how BlockDAG’s advanced security with batch 9 entry and $17.3M raised outshines Ethereum Classic value and Fantom’s market moves.

Institutional FX

Finalto secures two prestigious awards at iFX EXPO LATAM 2024

Trading software and liquidity services provider Finalto received two accolades at the iFX EXPO LATAM 2024 held in Mexico City earlier this month.

Chainwire

SEABW Turns the Spotlight on Southeast Asia’s Flourishing Web3 Landscape With Over 40 Side Events and an All-encompassing Agenda

Southeast Asia Blockchain Week (SEABW), a premier blockchain conference exploring the evolving landscape of Web3 in the Southeast Asia region, is proud to announce that there will be over 40 side events, web3 meetups, workshops, and social gatherings.

Digital Assets

Landesbank Baden-Württemberg to offer crypto custody

Germany’s largest federal bank, Landsbanki Baden-Württemberg (LBBW), partnered with Austrian-based Bitpanda to provide “investment-as-a-service” infrastructure for cryptocurrencies. The new service will offer institutional and corporate clients the ability to store and procure digital assets such as bitcoin and ether.

Digital Assets

VALR Secures Regulatory Licenses from FSCA as a Leading Crypto Asset Service Provider in South Africa

VALR, the prominent crypto exchange backed by Pantera Capital and based in Johannesburg, has achieved a significant regulatory milestone by obtaining both a Category I and Category II license from the Financial Sector Conduct Authority (FSCA) of South Africa.

<