Ankr announcement coincided with PeckShield, an on-chain security firm, discovering the attack at 12.35 UTC on December 2. An hour later, Ankr’s confirmatory tweet revealed the exploitation of aBNB token. The tweet added that Ankr had informed exchanges about suspending the compromised aBNB token from trading.
Discovery of Ankr Attack
Ankr confessed the attacker minted 20 trillion Ankr Reward Bearing Staked BNB (aBNBc). The admission that the reward-bearing token was comprised for the BNB staked on DeFi protocol indicates Ankr has been a target in the recent exploits detected by Compound Finance and Aave.
A subsequent Twitter post by on-chain analysts company Lookonchain showed the exploiter leverages Tornado Cash and Uniswap to swap the proceeds. Lookonchain tweet indicated the attacker earned $5 million Coin from the exploit. The on-chain analyst acknowledged that other underlying assets within the Ankr Staking were secure and infrastructure services were uninterrupted.
Potential Loopholes that Facilitated Attack
Commenting on the attack, Beosin Co. Ltd indicated the exploiter leveraged the vulnerabilities within the smart contracting codes. Further, the blockchain security firm associated the attack with the possibility that private keys were compromised during the technical upgrade executed by the Ankr team 12 hours earlier.
The DeFi protocol initiated the upgrade to introduce nomenclature and model changes to the reward-bearing tokens. The upgrade targeted swapping the reward-earning tokens to b-tokens. The change targets delivering a consistent nomenclature standard for the bearing tokens, including AnkrETH, AnkrBNB, and AnkrAVAX from the previous aETHc, aBNBc, and aAVAVXc, respectively.
Minting Episode Erodes aBNBc Value
Beosin illustrated the minting episode by the exploiter eroded 99.5% of aBNBc value from $303.89 to $1.53 in an hour, as shown in the CoinMarketCap data. At press time, 0629 UTC, ANKR is exchanging hands at $0.02154, indicating a 4.69% decline in the past 24 hours. Beosin representative considered the exploiter tapped to the exposed private and deployer privileges in altering the contract.
The attack has prompted crypto exchange Binance to reassure users of their funds’ safety. Binance has indicated its team is actively engaging other parties on its BNB chain to investigate the attack and subsequent vulnerability.
HeraldSheets.com produces top quality content for crypto companies. We provide brand exposure for hundreds of companies. All of our clients appreciate our services. If you have any questions you may contact us. Cryptocurrencies and Digital tokens are highly volatile, conduct your own research before making any investment decisions. Some of the posts on this website are guest posts or paid posts that are not written by our authors and the views expressed in them do not reflect the views of this website. Herald Sheets is not responsible for the content, accuracy, quality, advertising, products or any other content posted on the site. Read full terms and conditions / disclaimer.