A few hours back, BNB chain based DeFi protocol Ankr was exploited. The team took Twitter to confirm the same. Despite the exploit, the team clarified that none of the infrastructure services were affected. In fact, they also asserted that all the staking assets were safe. The team stated,
“Our aBNB token has been exploited, and we are currently working with exchanges to immediately halt trading. All underlying assets on Ankr Staking are safe at this time, and all infrastructure services are unaffected.“
Per on-chain data, the attacker was able to mint 20 trillion Ankr Reward Bearing Staked BNB (aBNBc). The said token, as such, is reward-enduring token for BNB staked on the protocol. Furthermore, the exploiter already exchanged more than 5 million USDC.
With respect to the transfers that followed, blockchain security and analysis firm PeckShield noted,
“Ankr Exploiter has transferred 900 $BNB (~$253k) into Tornado Cash & bridged USDC & ETH to Ethereum, the exploiter currently holds 3k ETH (~$3.8M) & 500k USDC. Ankr Exploiter currently holds 19,999,999,972,926 aBNBc & becomes the 13th largest holder of aBNBc.”
PeckShield’s analysis further revealed that the aBNBc token contract had an “unlimited bug.” Using another function to dodge the caller verification, the exploiter likely carried out the arbitrary mint.
Also Read: Crypto: Hacktober ends with over $3B in stolen assets in 2022
In a tweet on December 2, top crypto exchange Binance revealed that its team was engaged with relevant parties to investigate the matter further. It went on to assure that Binance’s user funds were not at risk. The exchange conveyed,
“We are aware of the attack targeting ankr’s aBNBc token. Our team is engaged with the relevant parties and BNBCHAIN to investigate further. This is not an attack against Binance, and your funds are SAFU on our exchange. This thread will be updated should there be any updates.”