On December 2nd, at 12:35 GMT, Peckshield flagged an exploit made by an attacker on Ankr protocol. The exploit made way with 20 trillion aBNBc reward tokens from the protocol.
Ankr Reward Bearing Staked BNB (aBNBc) is a reward-bearing token, meaning its quantity stays the same from the moment of staking. The token appreciates as its redemption ratio grows because of reward accumulation.
Ankr launched the token on the Binance chain as a liquid staking function on Ankr. Users earned interest by staking their BNB on the Smart contract and obtained aBNBc as proof of the stake.
Chasing the aBNBc money trail
According to Lookonchain, the attacker stole keys from the Ankr deployer and minted 10 trillion aBNBc that he sent to himself. He later transferred 1.125BNB to the address for gas fees and began dumping the stolen tokens.
The attacker exploited the contract again and minted 10 trillion more tokens. After the exploitations, the attacker began washing money into BNB and Ethereum through Tornado cash.
Tornado Cash is a decentralized, open-source Smart contract that provides the service of washing ‘tainted’ cryptocurrency funds with others to obscure the source of the funds.
The attacker also transferred the stolen funds to Helio Money; using the funds as collateral, he borrowed $16M HAY which he later sold for $15.5M BUSD. The attacker repeated similar transactions with $HAY sold for BNB on multiple occasions.
$16M HAY exploit analysis by Lookonchain.
Peckshield security firm revealed that the Ankr contract had a bug in its minting function. A w/ 0x3b3a5522 function signature embedded in the contract could bypass the OnlyMinter Function and have arbitrary mint.
Peckshield also noted the attackers bridged funds through Celer and de BridgeGate to Ethereum and Tornado cash.
Ankr reacted on Twitter by acknowledging the hack and quickly notified exchanges to stop the token trades. They advised their community to avoid trading the tokens, withdraw liquidity from exchanges, and cited the issuance of new Tokens. The move would render the stolen tokens valueless.
Peckshield noted multiple exploits from the mint function.
The attackers remain highly active; blockchain stats indicate the exploiters also burnt billions of tokens.
According to Peckshield, some exploiters transferred USDC, and BUSD washed from the exploit to the Binance exchange. The washed funds into Binance total about $19M.
Binance CEO Changoeng Zhao (CZ) acknowledged the exploits earlier, noting that $3M funds moved by the exploiters to Binance were frozen with withdrawals paused. He noted that the exploiter managed to steal private keys to the contract.
Impact of Ankr protocol exploit
At 2:00 am GMT, aBNBc prices fell 99% following the exploit. Trading has so far been paused on various exchanges as the Ankr team works to resolve the issue and refund the affected traders.
The exploit affected HAY, stablecoin, and is down 35% in the last 24 hours and trading at $0.6434. At the peak, it fell to $0.2113.
Ankr is trading at $0.02168, down by 3.93 in the last 24 hours. BNB has remained relatively stable and trades at $290.4.
As the situation unfolds, we can anticipate continuous updates from the involved parties. Binance and Ankr are hot on the case; Binance will likely freeze funds transferred to their exchange while analysts will earmark the stolen funds for tracking.
The Ankr protocol joins a series of other DeFi exploits in 2022. According to an analysis made by Chainalysis, the number of DeFi exploits in 2022 is at a record high which has so far hemorrhaged over $800M of investor funds.