- Ankr says a former employee abused the protocol via a supply chain attack.
- After issuing 6,000 trillion aBNBc tokens and eventually exchanging them for USD Coin (USDC), the attackers stole $5 million from the protocol.
- Ankr works with law enforcement to bring individuals to justice.
Decentralized finance (DeFi) protocol Ankr has revealed that a former member of the team was behind an exploit that stole $5 million from the platform.
Update Ankr It was published Its website says it was a former employee who orchestrated the supply chain attack.
The DeFi protocol noted that an attack in early December was caused by a malicious code package injected into the system by a former employee, compromising the protocol’s private keys after an update.
Ankr exploit was an ‘inside job’
During our internal work, we observed attackers stealing the Ankr Reward Bearing Stake (aBNBc). This is staking reward tokens that a user gets when staking her Binance Coin in her Ankr.
During the attack, hackers were able to create 6000 trillion aBNBc tokens. He then exchanged the minted tokens via the Tornado Cash mixer, eventually getting him a $5 million USD stablecoin USD Coin (USDC).
Ankr said it is working with law enforcement to help prosecute the individual.
In the aftermath of the exploit, Ankr worked on a reimbursement plan for affected users and liquidity providers. The Web3-native organization has moved to fix aBNBc borrowing platform Helio’s breach by restabilizing the HAY price.
The team also airdropped ankrBNB to customers who lost aBNBc or aBNBb tokens, and airdropped BNB to all affected DeFi liquidity providers.