Ankr confirms exploit, asks for immediate trading halt

Published at: Dec. 2, 2022

The BNB Chain-based decentralized finance (DeFi) protocol Ankr has confirmed it has been hit by a multi-million dollar exploit on Dec. 1.

The attacker was purportedly able to mint 20 trillion Ankr Reward Bearing Staked BNB (aBNBc), a reward-bearing token for BNB (BNB) staked on the protocol. The exploiter has since used services such as Uniswap, Tornado Cash, and various bridges to swap and obfuscate the funds and has successfully gained around 5 million USD Coin (USDC)

Seems that @ankr got hacked an hour ago!The exploiter minted 20T aBNBc and dumped it on #PancakeSwap.At present, the exploiter have successfully exchanged more than 5 million $USDC.https://t.co/hF1tgNYw0t pic.twitter.com/XIPjBi6wvs

— Lookonchain (@lookonchain) December 2, 2022

It's believed either a vulnerability in the protocol's smart contract or a compromise of private keys is to blame for the exploit.

Ankr only made a quick statement on its Twitter page that its "aBNB token has been exploited" and that it is currently working with exchanges to immediately halt trading of the compromised token.

Our aBNB token has been exploited, and we are currently working with exchanges to immediately halt trading.

— Ankr (@ankr) December 2, 2022

Cointelegraph contacted Ankr but did not receive an immediate response.

This is a developing story and more information will be added as it becomes available.

Tags
Related Posts
Airdrop culture could pose integral threat to DeFi industry
EtherWrapped, a project designed to provide a yearly summary of users nonfungible token (NFT) activity, launched a little over eight hours ago to palpable fanfare within the crypto community. The website detailed a plan to airdrop YEAR tokens based upon quantitative engagement statistics in users' MetaMask wallet, or in simpler terms, their number of transactions, volume traded, a gas fees, among other data. Upon verification on EtherScan, a number of well-regarded developers and engineering experts in the space assessed the coding of the smart contract. Meows.eth noted that these parties saw a “presence of a function titled _burnMechanism,” but concluded …
Defi / Dec. 31, 2021
Inverse Finance exploited again for $1.2M in flash loan oracle attack
Just two months after losing $15.6 million in a price oracle manipulation exploit, Inverse Finance has again been hit with a flash loan exploit that saw the attackers make off with $1.26 million in Tether (USDT) and Wrapped Bitcoin (wBTC). Inverse Finance is an Ethereum-based decentralized finance (DeFi) protocol and a flash loan is a type of crypto loan that is usually borrowed and returned within a single transaction. Oracles report outside pricing information. The latest exploit worked by using a flash loan to manipulate the price oracle for a liquidity provider (LP) token used by the protocol’s money market …
Defi / June 17, 2022
BingChatGPT 'pump & dump' tokens emerging by the dozens: Peckshield
Blockchain security firm Peckshield has raised the alarm after finding dozens of tokens purporting to be related to artificial intelligence (AI) powered chatbot ChatGPT. In a Feb. 20 post, the firm revealed at least three "BingChatGPT" tokens appear to be part of honeypot schemes — a smart contract that tricks a user into sending Ethereum (ETH), which the attacker then traps and retrieves. According to Peckshield, at least two of the tokens identified have already lost nearly 100% of their value, while a third is at a 65% loss — in what is often referred to as a “pump and …
Blockchain / Feb. 21, 2023
Mango Market exploiter brags after rug pulling Mango Inu 'shitcoin'
In just over a week after pulling off the $117 million exploit of Mango Markets, Avraham Eisenberg is now boasting about making $100,000 rug-pulling a “shitcoin” called Mango Inu, again claiming he "did nothing wrong." Eisenberg recently ousted himself as one of the persons behind the recent $117 million exploit of the Solana-based decentralized finance (DeFi) platform Mango Markets, which he has also claimed was "legal." In an Oct. 23 post on Twitter, Eisenberg said the scheme involved deploying a “shitcoin" named Mango Inu, which he suggests was aimed at "exploiting bots" that gobble up newly launched tokens. Eisenberg said …
Blockchain / Oct. 24, 2022
Nomad releases bridge relaunch guide after patching contract vulnerability
The Nomad token bridge announced its relaunch guide after fixing the contract vulnerability that led to a $190 million exploit in August. According to a blog post from Dec. 7, the Nomad protocol will allow users to bridge back madAssets and access a pro-rata share of recovered funds. A redesign for the token bridge was also implemented by the Nomad team, said the company, explaining that without this redesign, the "first people to bridge back their madAssets would receive canonical tokens on a one-to-one basis until there were no canonical tokens left." To avoid this first-come, first-serve approach, the team …
Defi / Dec. 8, 2022