Ankr confirms exploit and demands immediate trading suspension

Decentralized-finance protocol said it is working with exchanges to immediately stop trading of its BNB staking rewards token, aBNBc.
BNB Chain-based decentralized finance (DeFi) protocol Ankr has confirmed that it was attacked by a multi-million dollar attack on Dec.1, the attack was first detected by on-chain security analyst PeckShield at about 12:35 am UTC on DEC.2.

Ankr confirmed on Twitter within an hour of the attack that the aBNB token had been exploited and that they’re working with exchanges to immediately stop trading of the compromised tokens.

Our aBNB token has been exploited, and we are currently working with exchanges to immediately halt trading.

— Ankr (@ankr) December 2, 2022

The attacker was reportedly able to mint 20 trillion Ankr Reward Bearing Staked BNB (aBNBc), a reward-bearing token for BNB staked on the protocol, according to the hacker.
According to a Twitter post from on-chain analysis firm Lookonchain, the exploiter has since used services such as Uniswap, Tornado Cash, and other bridges to swap and obfuscate the funds in order to gain around $5 million worth of USD Coin, according to a Twitter post.

it also stated in a subsequent post that “all underlying assets on Ankr Staking are safe at this moment, and all infrastructure services are unaffected,” according to the post.

Seems that @ankr got hacked an hour ago!

The exploiter minted 20T aBNBc and dumped it on #PancakeSwap.

At present, the exploiter have successfully exchanged more than 5 million $USDC.https://t.co/hF1tgNYw0t pic.twitter.com/XIPjBi6wvs

— Lookonchain (@lookonchain) December 2, 2022

According to Beosin, the exploit was likely the result of vulnerabilities in the smart contract code combined with compromised private keys, which may have come from a technical upgrade by the Ankr team about 12 hours ago.
The price of aBNBc fell  99.5%

@ankr has been exploited. $aBNBc has dropped -99.5%.
The hacker minted tons of $aBNBc and made a profit of 5,500 BNB (~$1.6 million)
The deployer changed the implementation contract to the vulnerable contract address before the attack (possibly due to private key compromise). pic.twitter.com/GJheXh0oDp

— Beosin Alert (@BeosinAlert) December 2, 2022

A Beosin spokesman said that it was possible that the deployer’s private key was exposed in the upgrade.
In a Dec. The team at the exchange is engaged with relevant parties to investigate the matter further.
The exploiter’s wallet address has been blacklisted by the BNB Chain.

We are aware of the attack on @ankr's aBNBc that happened earlier today, leading to a substantial amount of new aBNBc being minted. The exploiter has been blacklisted.
Our community is on top of it, coordinating a response. We will provide more updates as they become available.

— BNB Chain (@BNBCHAIN) December 2, 2022

CryptoNewsOrg– BINANCE – GET UP TO $700* ON SIGN UP

1) $100 Spot Trading Bonus*

2) 20% Trading Fee Discount For Life*

3) Plus $500 Unlockables*

Sign-Up Links: Binance Global

For more details visit the Binance Bonus Offer Page

*Terms & Conditions Apply