DeFi protocol Ankr hacked as aBNBc price collapses to zero
Hackers attacked the DeFi protocol Ankr and minted a large amount of aBNBc tokens. The price of the staking-based synthetic asset collapsed to zero.
Our aBNB token has been exploited, and we are currently working with exchanges to immediately halt trading.
— Ankr (@ankr) December 2, 2022
The project team confirmed the incident and reassured users that their funds were safe. It pledged to reissue aBNBc and reimburse losses based on the account snapshot.
Further instructions from the Ankr team:
1. Do not trade
2. Remove liquidity from DEXes if you are a liquidity provider (and keep the aBNBc)
3. Snapshot will be done and wait for additional news
4. Will do a reissuance of aBNBc— Ankr (@ankr) December 2, 2022
According to PeckShield experts, the hacker earned about $15 million by borrowing assets backed by aBNBc via the Helio Protocol into the dollar-pegged stablecoin HAY. The price of the dollar-pegged stablecoin fell 61% at the moment.
#PeckShieldAlert 0x8d11F…217 is capitalising off the $aBNBc exploit,
10 $BNB -> 183,384.92 $aBNBc->$hBNB and staked them into Helio Protocol to lend ~$16M BHAY0 & exchanged them into $HAY
Profit: ~$15Mhttps://t.co/YLwhIENcL7$HAY has dropped -61% https://t.co/EKPrYojuHY pic.twitter.com/txTKY042sd— PeckShieldAlert (@PeckShieldAlert) December 2, 2022
Lookonchain researchers determined that the hacker obtained about 4 million USDC and 5,000 BNB through swaps. He swapped the latter mainly for Centre’s stablecoin, and sent 900 BNB to the Tornado Cash mixer.
3.
He exchanged a total of 4,050,500 $USDC and 5,000 $BNB ($1.5M)
And he exchanged 4,500 $BNB for 1,293,087 $USDC, and deposited 900 $BNB into https://t.co/11PfRBP2j2. pic.twitter.com/61OlF50YJS
— Lookonchain (@lookonchain) December 2, 2022
The exchange said the hack did not affect platform users and their funds are safe on the exchange.
We are aware of the attack targeting @ankr‘s aBNBc token. Our team is engaged with the relevant parties and @BNBCHAIN to investigate further.
This is not an attack against #Binance, and your funds are SAFU on our exchange. This thread will be updated should there be any updates.
— Binance (@binance) December 2, 2022
DeFi analyst under the pseudonym Ignas.lens noted that PeckShield’s audit warned of a vulnerability in the administrator key that would enable privileged minting of aBNBc. However, the team ignored the warning.
Another example that just having an audit, doesn’t mean it’s safe.
Ankr received an Audit from Peckshield warning about ‘trust issue of Admin Keys’ which has privileged minting aBNB tokens.
The team ‘Confirmed’ the warning, but it seems they have not fixed it. https://t.co/ypMSepPco8 pic.twitter.com/KOKCkSTuQZ
— Ignas.lens | DeFi Research (@DefiIgnas) December 2, 2022
PeckShield noted that another address extracted profits from the breach. Its owner transferred to Binance about 3.5 million BUSD and about 1.63 million USDC.
#PeckShieldAlert A PeckShield community contributor has detected that 0x9bae…9fc7 also capitalized off the $aBNBc exploit (Ankr & Hay) and transferred profit ~$3.5M to Binance ~1.87M $Binance-Peg BUSD and ~1.63M $Binance-Peg USDC @cz_binancehttps://t.co/I6PIqHsgUN pic.twitter.com/4JnNO3qZuw
— PeckShieldAlert (@PeckShieldAlert) December 2, 2022
The founder and head of the platform, Changpeng Zhao, confirmed that the team is monitoring the situation. The exchange has frozen the hacker’s assets worth about $5 million, he did not specify which assets.
Possible hacks on Ankr and Hay. Initial analysis is developer private key was hacked, and the hacker updated the smart contract to a more malicious one. Binance paused withdrawals a few hrs ago. Also froze about $3m that hackers move to our CEX.
— CZ 🔶 Binance (@cz_binance) December 2, 2022
Against the backdrop of the incident, the price of the BNB-based synthetic asset collapsed to zero, according to CoinGecko.
As noted, in November losses from hacks across crypto projects amounted to $391.6m, according to PeckShield. The bulk of the sum came from the theft of funds from bankrupt FTX ($340m) and the hack of the Deribit hot wallet ($28m).
Follow ForkLog’s bitcoin news on our Telegram — cryptocurrency news, prices and analytics.
Рассылки ForkLog: держите руку на пульсе биткоин-индустрии!
Материалы по теме