tokenist.com
DeFi protocol Ankr said in a tweet it will compensate the affected users following a $5 million hack earlier that drained its liquidity pool. Ankr suffered an exploit Friday due to a bug that allowed the attacker to mint an unlimited number of its aBNBc tokens.
Ankr to Buy $5M Worth of BNB to Compensate Affected Users
Decentralized finance (DeFi) infrastructure provider Ankr shared a series of tweets Friday to address the multi-million dollar hack that exploited the protocol’s liquidity pool. Ankr said the hacker stole a maximum of $5 million worth of aBNBc tokens, adding it will purchase that same amount of BNB to compensate the affected users.
“We will take a snapshot and reissue ankrBNB to all valid aBNBc holders before the exploit. The ankrBNB token will continue to be redeemable, while aBNBc and aBNBb will no longer be redeemable.”
– Ankr wrote in a tweet.
Further, the protocol will “purchase 5m worth of BNB and use this to compensate in totality the liquidity providers that have been affected by the exploit due to the drainage of the liquidity pool,” it added. Ankr added it is working to alleviate the situation and has adopted steps to prevent something similar from happening in the future.
Join our Telegram group and never miss a breaking digital asset story.
How the Ankr Hack Happened
Ankr has reportedly suffered an exploit due to a bug in its code that allowed the hacker to mint an unlimited number of its aBNBc tokens. The perpetrator minted roughly 6 million aBNBc tokens and exchanged them for BNB, which he then moved to the sanctioned crypto tumbler Tornado Cash. Finally, he swapped the BNB funds for a $5 million USD Coin (USDC).
The attack siphoned aBNBc liquidity pools on PancakeSwap and ApeSwap almost entirely, pushing the token’s value down by almost 99%, CoinGecko data showed. The attacker was able to mint such a high number of tokens without any verification, security research group PeckShield said in a tweet.
Moreover, one trader managed to take advantage of the exploit and swap 10 BNB for 15.5 million BUSD tokens, according to web3 data analysis provider Lookonchain. This person was able to do this through DeFi lending protocol Helio, which did not update the price of aBNBc immediately after the exploit.
The trader also took advantage of the token’s pre-crash pricing to borrow $16 million of HAY stablecoin, which he then turned into BUSD. aBNBc is currently trading at $1.51, down from the pre-crash price of more than $303.
Ankr represents the latest victim of a myriad of attacks on DeFi protocols which have been on the rise since 2021. Earlier this month, a Solana-based lending protocol was exploited for more than $1.2 million following an oracle attack.
Do you think policymakers should tighten regulations of DeFi to protect users from hacks? Let us know in the comments below.