Ankr, a decentralised finance (DeFi) protocol based on BNB Chain, has confirmed that it is affected by a multi-million dollar exploit on December 1.
On Dec. 2, around 12:35 UTC, on-chain security analyzer PeckShield appears to have discovered the attack for the first time. Ankr tweeted an hour after the assault to clarify that the aBNB token had been exploited and that they were working with exchanges to stop trading the compromised token right now.
Around 20 million Ankr Reward Bearing Staked BNB (aBNBc) tokens — a reward-bearing token for BNB staked on the protocol — were allegedly minted by the attacker.
The exploiter later used services like Uniswap, Tornado Cash, and numerous bridges to swap and conceal the funds in order to earn about $5 million worth of USD Coin, claims a tweet from on-chain analysis company Lookonchain.
Beosin, a blockchain security company, speculated that the exploit was possibly caused by flaws in the smart contract code mixed with stolen private keys, which may have resulted from a recent technological upgrade by the Ankr team.
Crypto exchange Binance confirmed that its team is engaged with related personnel to investigate the matter further, affirming that Binance’s user funds are not at risk. Additionally, the exploiter’s wallet address has been blacklisted, according to the BNB Chain Twitter page.
