The trillion aBNBc exploit on ANKR protocol extended to several other crypto platforms. The protocol custodians identified the perpetrator and set a recovery plan to compensate the affected parties.
The ANKR team zeroed in on a former team member as the muscle behind the exploit. The individual conducted a supply chain attack using malicious code that compromised their private key.
On-chain analysis revealed that the perpetrator could mint new aBNBc tokens on the blockchain; he then moved them across to other platforms like Binance and HAY protocol to wash the stolen funds.
aBNBc is a reward-bearing token on the protocol; the tokens appreciate as they accumulate more rewards. They give the token to users who stake BNB as proof of their stake.
Exploit impact and recovery plan
The aBNBc blockchain money trail revealed that the former employee laundered the stolen funds into Tornado cash, Hay Protocol, and Binance.
The new liquidity depegged the HAY stablecoin, and aBNBc prices fell 99% to $0.2113. On the other hand, ANKR’s price remained relatively stable.
Changpeng Zhao, CEO of Binance, noted that they would freeze all accounts related to the exploit pending investigations.
The main criterion behind the recovery plan is to compensate all ‘clean’ users at the time of exploit. Therefore, they would exclude arbitrage traders who took advantage of the exploit from the recovery program.
In response, the team scanned the blockchain to earmark all aBNBc token holders. Then, using the snapshot, they airdropped a new ankrBNB token to all affected holders and began formulating a new recovery plan.
Helio Protocol took a big hit as the perpetrator traded aBNBc with HAY destablecoin. By December 8, 2022, the protocol custodians had purchased 6,843,323 HAY on DEXs out of 17,747,582 HAY of accumulated bad debt. The effort pushed HAY’s price to $0.98.
The custodians also burnt 6 million HAY days later. Nevertheless, they managed to buy back $3 million in bad debt.
On December 9, the custodians airdropped ankrBNB to wallets that held aBNBc and aBNBb. They also completed airdrops to Ellipsis Finance, Pancakeswap, ApeSwap, ACryptoS, Wombat, Beefy FInance, Wombex, Magpie, and Quoll.
On December 12, the custodians airdropped BNB to the wallet address that held BNB through aBNBb or aBNBc liquidity pools.
The custodians promised to fully compensate about 14,407 BNB to the Wombat liquidity pool by December 19.
The protocol custodians are working with law enforcement to bring the former employee to book.
To prevent such an event, the RPC provider will implement a multi-sig authentication and timelocks for all updates to avoid a single point of failure. They will also work on employee background checks and redefine terms of engagement with DeFi protocols.
Helio Protocol, HAY’s custodian, will resume liquidation functions for the bad actors since users have no collateral backing their position. They will also work on implementing new design features to prevent such exploits from affecting them again.
Final Thoughts
We can trace the weak link in the ANKR exploit to their internal HR processes and security measures. A chain is only as strong as its weakest link.
The exploits served as a lesson for all the affected parties, who mentioned that they would be updating their protocols to protect their communities from similar exploits.
At press time, the HAY destablecoin trades at $0.997 after de-pegging for two weeks from burning their bad debt.
ANKR/ USD chart.
On the day of the exploit, the ANKR price was $0.02147. It is now trading at $0.01753, 15% down from the day of the exploit.