Ankr, a DeFi Protocol system based on BNB Chain, has acknowledged being affected by a multi-million dollar attack on December 1.
Earlier today, December 2, on-chain security analyzer PeckShield appears to have been aware of the attack for the first time.
An hour after the attack, Ankr tweeted to clarify that the aBNB token had been exploited and that they were working with exchanges to stop trading the compromised token right now.
Our aBNB token has been exploited, and we are currently working with exchanges to immediately halt trading.
— Ankr (@ankr) December 2, 2022
The limitless mint flaw was found in the aBNBc token’s smart contract, according to PeckShield, a blockchain security company.
Additionally, it stated that 900 BNB worth around $253,000 had been moved into Tornado Cash by the Ankr exploiter. The claim that the exploiter currently controls 500,000 USDC and 3,000 ETH (over $3.8 million) indicates that it had also bridged USDC and ETH to Ethereum.
The hacker holds over 20 trillion aBNBc and is not the token’s 13th largest holder.
Our analysis shows the $aBNBc token contract has an unlimited mint bug. Specifically, while mint() is protected with onlyMinter modifier, there is another function (w/ 0x3b3a5522 func. signature) that completely bypasses the caller verification to have arbitrary mint !!! https://t.co/h51e7xpcVf pic.twitter.com/caRgasNNHq
— PeckShield Inc. (@peckshield) December 2, 2022
PeckShield also noted that the vulnerability was being copied by others, leading to copycat exploits.
#PeckShieldAlert Here comes the 21st Ankr Exploiter https://t.co/MqSMwMoAnK pic.twitter.com/HpU7cf9Kh2
— PeckShieldAlert (@PeckShieldAlert) December 2, 2022
Although the damages haven’t been completely recognized, they are probably in the millions of dollars. Accordion to early estimates, hackers gained $5 million by washing tokens through different bridges and DEXes.
Seems that @ankr got hacked an hour ago!
— Lookonchain (@lookonchain) December 2, 2022
The exploiter minted 20T aBNBc and dumped it on #PancakeSwap.
At present, the exploiter have successfully exchanged more than 5 million $USDC.https://t.co/hF1tgNYw0t pic.twitter.com/XIPjBi6wvs
Furthermore, Ankr lost 6.6% at the time of the exploit. ANKR dropped to $0.0211 but rose back to $0.0227 at the time of writing.
The Binance BNB coin fell t $288, a 3.1% daily decline. However, given that the majority of digital assets are now down, this is consistent with a larger collapse in the cryptocurrency market.