Ankr (ANKR), a DeFi platform built on top of the BNB network seems to have fallen victim to a major one recently exploit or hack where millions have been looted by the perpetrator. The exploit was first noticed by blockchain security company PeckShield. Meanwhile, the CEO of BinanceChangpeng Zhao (CZ) also commented on the issue.
Anchor exploit
Although it is currently not clear what exactly happened, it can be said that something was not quite right. There might be a vulnerability tied to the aBNB token and for that reason Ankr has almost immediately called on exchanges to stop trading in this token.
Our aBNB token has been exploited, and we are currently working with exchanges to immediately halt trading.
— Ankr (@ankr) December 2, 2022
The attacker would have been able to steal an astronomical amount of aBNB, which is a token that becomes discontinued on the Ankr protocol, to mint. These tokens are said to have a market value of over $5 million.
Seems that @ankr got hacked an hour ago!
The operator minted 20T aBNBc and dumped it on #PancakeSwap.
At present, the operator have successfully exchanged more than 5 million $USDC.https://t.co/hF1tgNYw0t pic.twitter.com/XIPjBi6wvs
— Lookonchain (@lookonchain) December 2, 2022
The Ankr team has already announced that user funds are not at risk and that users therefore do not have to worry that the perpetrator will make off with their money. How exactly the perpetrator was able to abuse or penetrate Ankr’s systems is currently unknown.
Binance CEO
The CEO of Binance has already shared a possible scenario on Twitter. He states that the first analyzes indicate that the perpetrator had access to a private key from a developer on Ankr. Binance has since stopped recording aBNB and frozen some $3 million that may have been related to the exploit.
Possible hacks on Ankr and Hay. Initial analysis is developer private key was hacked, and the hacker updated the smart contract to a more malicious one. Binance paused withdrawals a few hrs ago. Also froze about $3m that hackers move to our CEX.
— CZ 🔶 Binance (@cz_binance) December 2, 2022
“Initial analysis is that the developer’s private key has been hacked, and the hacker has stolen it smart contracts has adapted to a more malicious one. Binance paused withdrawals a few hours ago. Also froze about $3m that hackers move to our CEX.”