Ankr decentralized-finance protocol suspends trading of BNB token – aBNBc. The BNB chain-based DeFi protocol admitted on December 1 to suffering a million-dollar exploit.

Ankr announcement coincided with PeckShield, an on-chain security firm, discovering the attack at 12.35 UTC on December 2. An hour later, Ankr’s confirmatory tweet revealed the exploitation of aBNB token. The tweet added that Ankr had informed exchanges about suspending the compromised aBNB token from trading.  

Discovery of Ankr Attack

Ankr confessed the attacker minted 20 trillion Ankr Reward Bearing Staked BNB (aBNBc). The admission that the reward-bearing token was comprised for the BNB staked on DeFi protocol indicates Ankr has been a target in the recent exploits detected by Compound Finance and Aave.

A subsequent Twitter post by on-chain analysts company Lookonchain showed the exploiter leverages Tornado Cash and Uniswap to swap the proceeds. Lookonchain tweet indicated the attacker earned $5 million Coin from the exploit. The on-chain analyst acknowledged that other underlying assets within the Ankr Staking were secure and infrastructure services were uninterrupted.  

Potential Loopholes that Facilitated Attack

Commenting on the attack, Beosin Co. Ltd indicated the exploiter leveraged the vulnerabilities within the smart contracting codes. Further, the blockchain security firm associated the attack with the possibility that private keys were compromised during the technical upgrade executed by the Ankr team 12 hours earlier. 

The DeFi protocol initiated the upgrade to introduce nomenclature and model changes to the reward-bearing tokens. The upgrade targeted swapping the reward-earning tokens to b-tokens. The change targets delivering a consistent nomenclature standard for the bearing tokens, including AnkrETH, AnkrBNB, and AnkrAVAX from the previous aETHc, aBNBc, and aAVAVXc, respectively. 

Minting Episode Erodes aBNBc Value

Beosin illustrated the minting episode by the exploiter eroded 99.5% of aBNBc value from $303.89 to $1.53 in an hour, as shown in the CoinMarketCap data. At press time, 0629 UTC, ANKR is exchanging hands at $0.02154, indicating a 4.69% decline in the past 24 hours. Beosin representative considered the exploiter tapped to the exposed private and deployer privileges in altering the contract. 

The attack has prompted crypto exchange Binance to reassure users of their funds’ safety. Binance has indicated its team is actively engaging other parties on its BNB chain to investigate the attack and subsequent vulnerability. 

Michael Scott

By Michael Scott

Michael Scott is a skilled and seasoned news writer with a talent for crafting compelling stories. He is known for his attention to detail, clarity of expression, and ability to engage his readers with his writing.