Facebook Twitter Instagram
    Crypto AcademyCrypto Academy
    • Home
    • News
    • Price Predictions
    • Price Analysis
    • NFTs
    • Learn
    • Press Releases
    • Coins
      • Bitcoin
      • Ethereum
      • Cardano
      • Safemoon
      • Dogecoin
    • Advertise on Crypto Academy
    Facebook Twitter Instagram Telegram
    Crypto AcademyCrypto Academy
    Home»News»Ankr Confirms $5M Crypto Hack Was An Inside Job 
    News

    Ankr Confirms $5M Crypto Hack Was An Inside Job 

    Rea K.By Rea K.December 21, 2022Updated:December 21, 20223 Mins Read
    Ankr Confirms $5M Crypto Hack Was An Inside Job 
    Share
    Facebook Twitter LinkedIn Email Reddit Telegram WhatsApp

    Ankr, a cryptocurrency business, claims a former worker was responsible for the $5 million hack on its platform earlier this month.

    On December 2, a hacker took use of a smart contract for the aBNBc token, one of Ankr’s staking rewards tokens. They had exploited a flaw in its programming that allowed for the cryptocurrency to be issued indefinitely on the BNB Chain, which bears the Binance logo.

    In a blog post on Tuesday, the decentralized financial protocol claimed that a former staff member was responsible for the hack. The person was not mentioned or named. 

    “A former team member (who is no longer with Ankr) acted maliciously to conduct a supply chain attack, inserting a malicious code package that was able to compromise our private key once a legitimate update was made.”

    After on-chain investigators connected similar transactions to an Ankr deployer, crypto intelligence company Arkham had previously raised the prospect of an inside job.

    After moving through CEX, the Helios Exploiter's address is likely known only to Binance.

    However, chain-sleuth @Jiran_z identified a link between the original attacker and the contract deployer of Ankr itself.

    The possibility of an inside job should not be ruled out. https://t.co/r1P8DSbHWN

    — Arkham (@ArkhamIntel) December 2, 2022

    “Unfortunately, internal bad actors can affect any protocol, and we are working on shoring up internal HR processes and safety measures to strengthen our security posture going forward,” added Ankr. 

    In order to possibly prosecute the former team member, the team is now cooperating with law police.

    Ankr previously claimed that by uploading a new contract that permitted minting without authorization checks, the attacker “minted an excess of aBNBc out of thin air.” They then went ahead and exchanged it for other tokens on decentralized exchanges.

    Over the course of six transactions, the attacker made 60 trillion aBNBc total. Before connecting the stablecoins to Ethereum and washing them through Tornado Cash, they exchanged some for USDC.

    A second flaw was discovered shortly after the Ankr breach on the staking platform Helio, which had not changed the pricing of tokens associated with Ankr despite the token aBNBc falling by more than 99%, from $303 to $1.54.

    Due to this, one user was able to borrow $16 million worth of HAY, the company’s native stablecoin, using the affected Ankr tokens as security. According to blockchain research company BlockSec, they then exchanged those funds for $15 million in BinanceUSD (BUSD) before shipping the loot to Binance.

    1/ We think the attacker made more than 107.65 BNB.

    The whole story:

    Step 1: 10 BNB -> 183,884 aBNBc from 1inch @1inch https://t.co/pbNdQicr3m

    Step 2: 183,884 aBNBc -> 191,130 hBNB (deposit receipt) by invoking `provideInABNBc` of Helio @Helio_Moneyhttps://t.co/NCwedIoQGn https://t.co/e3b0tDs7AF

    — BlockSec (@BlockSecTeam) December 2, 2022

    Later, Ankr implemented a recovery strategy for the community that included paying out compensation to its lenders, liquidity providers, and other users who were impacted by the scam.

    The team also contributed to the stabilization of HAY when the stablecoin depegged; however, the token has not yet fully regained its original value and is now trading at just over $0.99.

    Ankr expects that multi-sig authentication for updates would ensure that further assaults are prevented. The team is also revising access privileges and doing background checks on personnel.

    Previous ArticleP2P Exchange Paxful Has Delisted ETH
    Next Article Sam Bankman-Fried Seeks Bail While Extradited to U.S.

    Related Posts

    U.S. Labor Market Defies Predictions: A Positive Outcome for Crypto?

    Dissecting the Differences Between Coinbase & Binance SEC Lawsuits

    Ankr Enterprise RPC Services Goes Live on Microsoft’s Azure Marketplace

    U.S. Labor Market Defies Predictions: A Positive Outcome for Crypto?

    June 9, 2023

    Dissecting the Differences Between Coinbase & Binance SEC Lawsuits

    June 8, 2023

    Ankr Enterprise RPC Services Goes Live on Microsoft’s Azure Marketplace

    June 8, 2023

    Binance Lied To U.S. Lawmakers

    June 8, 2023

    Court Filing Shows Gary Gensler Applied For Advisor Role At Binance

    June 8, 2023
    Facebook Twitter Instagram Telegram RSS
    • Home
    • Advertise on Crypto Academy
    • Terms and Conditions
    • Privacy Policy
    © 2023 Crypto-Academy.org. All rights reserved.

    Type above and press Enter to search. Press Esc to cancel.

    Go to mobile version