A bug in the platform’s code allowed the hacker to create 6 quadrillion coins

​aBNBc token rate collapses by 99,5% due to hacking of DeFi protocol Ankr

02.12.2022 - 08:00


5 min

What’s new? On December 2, Ankr, a DeFi protocol, was hacked, resulting in a $5 million loss. According to cybersecurity company PeckShield, the code underlying the Ankr contract allows any user to create an unlimited number of the protocol’s reward tokens without any verification. Through the exploit, the attacker issued 6 quadrillion aBNBc tokens, then exchanged 20 trillion aBNBc to BNB and moved them to the Tornado Cash crypto mixer. He then exchanged the BNB tokens for 5 million USDC stablecoins. As the hacker almost completely drained the aBNBc liquidity pools on the decentralized exchanges (DEXs) PancakeSwap and ApeSwap, the token lost 99,5% of its value. As of 07:40 UTC, the asset is trading at $1,52, according to CoinGecko.

Statement of the project’s representatives. The Ankr team urged users not to trade, remove liquidity from DEXs and keep the aBNBc (liquidity providers). According to the statement, the snapshot will be made soon. In addition, representatives of the protocol announced a reissuance of aBNBc.

The Ankr team later contacted DEXs to block token trading on the platforms. The reissuance of aBNBc will take place after the situation is assessed.

Analytics company Lookonchain reported that one trader was able to take advantage of the exploit and turn 10 BNB into 15,5 million BUSD stablecoins. He did this by taking advantage of Helio, a DeFi lending protocol, which did not have up-to-date prices for aBNBc after the crash.

The trader was also able to use the prices on aBNBc before the collapse to borrow $16 million from the low-traded HAY stablecoin and convert it to BUSD. HAY has since lost its peg to the dollar and is trading at $0,5782.

Crypto exchange Binance said it would help investigate the Ankr exploit. The company noted that this attack is not aimed at Binance and that its customers’ funds are safe.

According to Binance CEO Changpeng Zhao, initial analysis of the attack on Ankr and HAY showed that the developer’s private key was hacked. This allowed the hacker to replace the smart contract with a malicious one. Zhao also noted that Binance froze a transfer of about $3 million purportedly from the attacker.

According to analysts at Chainalysis, cryptocurrencies have lost more than $3 billion in hacks in 2022. On October 12 alone, four exploits of DeFi projects were recorded.

For the causes of the vulnerability of decentralized protocols, see GetBlock Magazine’s article.

Subscribe to Getblock Magazine and stay up to date with the latest news from the world of cryptocurrencies and the digital economy