thecryptobasic.com
Ankr is under attack, and the exploiter has made away with at least $5 million in tokens.
Ankr Protocol, a decentralized Web 3 infrastructure provider, has been hacked, per reports from multiple blockchain security and analytics services.
PeckShieldAlert first reported the exploit about 3 hours ago, revealing that the attacker had minted about 10 trillion aBNB, which he promptly dumped, driving the token’s price to zero in mere minutes. Per a follow-up tweet from PeckShieldAlert, the exploiter has moved 900 BNB ($253k) to the on-chain mixing service Tornado Cash. The hacker has also bridged tokens to ETH and USDC, holding about 3k ETH ($3.8M) and 500k USDC.
#PeckShieldAlert Seems like @ankr has been exploited, $aBNBc has dropped -50%, tons of $aBNBc have minted to https://t.co/nyfwdd6fWI
and the exploiter transferred some of the stolen funds to Tornado cash or bridged them via celer and deBridgeGate to Ethereum @peckshield pic.twitter.com/vK94dIEWIt— PeckShieldAlert (@PeckShieldAlert) December 2, 2022
#PeckShieldAlert Ankr Exploiter has transferred 900 $BNB (~$253k) into Tornado Cash & bridged $USDC & $ETH to Ethereum, the exploiter currently holds 3k $ETH (~$3.8M) & 500k $USDC
Ankr Exploiter currently holds 19,999,999,972,926 $aBNBc & becomes the 13th largest holder of $aBNBc pic.twitter.com/TioTnuFqbP— PeckShieldAlert (@PeckShieldAlert) December 2, 2022
Notably, both Lookonchain and BowTiedPickle report that the exploiter, at some point before the hack managed to gain access to the Ankr deployer key. As written by BowTiedPickle, using this key, the attacker could change the upgradeable aBNB token’s code, allowing him to mint the token arbitrarily.
As highlighted by one user, the attacker made the malicious code publicly accessible. Consequently, following the initial attack, others rushed to mint the token in excess. However, they are unlikely to make a profit as the BNB liquidity for aBNB on pancake swap has already dried up per data from DEXSCREENER. Notably, BscScan puts the circulating aBNB at 115.792 octodecillion.
Meanwhile, some traders have taken the opportunity to profit from “no-risk” trades. Remarkably, one user made a $15 million profit using 10 BNB by hopping from aBNB to hBNB on the Helio protocol and exchanging it for HAYO.
#PeckShieldAlert 0x8d11F…217 is capitalising off the $aBNBc exploit,
10 $BNB -> 183,384.92 $aBNBc->$hBNB and staked them into Helio Protocol to lend ~$16M BHAY0 & exchanged them into $HAY
Profit: ~$15Mhttps://t.co/YLwhIENcL7$HAY has dropped -61% https://t.co/EKPrYojuHY pic.twitter.com/txTKY042sd— PeckShieldAlert (@PeckShieldAlert) December 2, 2022
It bears mentioning that the Ankr team is aware of the exploit. As a result, they issued a statement saying they are working to halt trading on exchanges.
“Our aBNB token has been exploited, and we are currently working with exchanges to halt trading, ” Ankr tweeted immediately. “All underlying assets on Ankr Staking are safe at this time, and all infrastructure services are unaffected.”
Meanwhile, Binance says it is also investigating the matter clarifying that it is not an attack on the crypto exchange.
At the time of writing, it is difficult to estimate how much value holders have lost as aBNB has crashed to zero. But, on the other hand, BNB remains largely unaffected, trading at $288.44, only down 2.5% in the last 24 hours.
This year has been rife with crypto hacks. In October, hackers exploited a BNB chain-linked bridge for about 2 million BNB worth more than $500 million.