Ankr confirms exploit, asks for immediate trading halt

The BNB Chain-based decentralized finance (DeFi) protocol Ankr has confirmed it has been hit by a multi-million dollar exploit on Dec. 1.

The attacker was purportedly able to mint 20 trillion Ankr Reward Bearing Staked BNB (aBNBc), a reward-bearing token for BNB (BNB) staked on the protocol. The exploiter has since used services such as Uniswap, Tornado Cash, and various bridges to swap and obfuscate the funds and has successfully gained around 5 million USD Coin (USDC)

Seems that @ankr got hacked an hour ago!The exploiter minted 20T aBNBc and dumped it on #PancakeSwap.At present, the exploiter have successfully exchanged more than 5 million $USDC.https://t.co/hF1tgNYw0t pic.twitter.com/XIPjBi6wvs

— Lookonchain (@lookonchain) December 2, 2022

It's believed either a vulnerability in the protocol's smart contract or a compromise of private keys is to blame for the exploit.

Ankr only made a quick statement on its Twitter page that its "aBNB token has been exploited" and that it is currently working with exchanges to immediately halt trading of the compromised token.

Our aBNB token has been exploited, and we are currently working with exchanges to immediately halt trading.

— Ankr (@ankr) December 2, 2022

Cointelegraph contacted Ankr but did not receive an immediate response.

This is a developing story and more information will be added as it becomes available.

Airdrop culture could pose integral threat to DeFi industry   Dec. 31, 2021
Inverse Finance exploited again for $1.2M in flash loan oracle attack   June 17, 2022
BingChatGPT 'pump & dump' tokens emerging by the dozens: Peckshield   Feb. 21, 2023
Mango Market exploiter brags after rug pulling Mango Inu 'shitcoin'   Oct. 24, 2022
Nomad releases bridge relaunch guide after patching contract vulnerability   Dec. 8, 2022