Advertisement
Australia markets close in 3 hours 1 minute
  • ALL ORDS

    8,134.80
    +52.50 (+0.65%)
     
  • ASX 200

    7,865.50
    +51.10 (+0.65%)
     
  • AUD/USD

    0.6697
    +0.0001 (+0.02%)
     
  • OIL

    80.01
    -0.05 (-0.06%)
     
  • GOLD

    2,437.60
    +20.20 (+0.84%)
     
  • Bitcoin AUD

    99,619.08
    -695.38 (-0.69%)
     
  • CMC Crypto 200

    1,362.17
    -11.67 (-0.85%)
     
  • AUD/EUR

    0.6156
    +0.0001 (+0.02%)
     
  • AUD/NZD

    1.0933
    +0.0028 (+0.25%)
     
  • NZX 50

    11,718.01
    +18.22 (+0.16%)
     
  • NASDAQ

    18,546.23
    -11.77 (-0.06%)
     
  • FTSE

    8,420.26
    -18.39 (-0.22%)
     
  • Dow Jones

    40,003.59
    +134.19 (+0.34%)
     
  • DAX

    18,704.42
    -34.38 (-0.18%)
     
  • Hang Seng

    19,633.86
    +80.25 (+0.41%)
     
  • NIKKEI 225

    39,346.92
    +559.54 (+1.44%)
     

DeFi Protocol Ankr to Reimburse Users Affected by $5M Exploit

Decentralized finance (DeFi) protocol Ankr said it will reimburse the users impacted by the $5 million exploit that occurred on its platform earlier Friday.

"We will take a snapshot and reissue ankrBNB to all valid aBNBc holders before the exploit. The ankrBNB token will continue to be redeemable, while aBNBc and aBNBb will no longer be redeemable," Ankr said in a tweet after the exploit.

Ankr, which called itself the first "node-as-a-service" platform, had suffered the multimillion-dollar exploit due to a bug in its code that allowed for unlimited minting of its token.

ADVERTISEMENT

After minting the quadrillions of aBNBc token, the attacker was able to swap 20 trillion of them for BNB, then move those to crypto mixer Tornado Cash. The attacker then swapped the BNB tokens for 5 million USDC.

Because the hacker almost completely drained the aBNBc liquidity pools on PancakeSwap and ApeSwap, the token lost nearly 99% of its value, according to CoinGecko data.

According to security research firm PeckShield, the code behind the Ankr contract allows any user to mint an unlimited amount of the protocol’s reward-bearing staking tokens without any sort of verification. This allowed the attacker to mint six quadrillion of the aBNBc token.

Ankr tweeted that all staked assets within the protocol are currently safe. Binance CEO Changpeng Zhao tweeted that his exchange had frozen $3 million that had been sent to his exchange by the hackers.

Ankr on Nansen. (Nansen)
Ankr on Nansen. (Nansen)

Secondary exploit

On-chain analyst firm Lookonchain reported that one opportunistic trader was able to cash in on the exploit and turn 10 BNB ($2,885) into 15.5 million BUSD. The trader did this by taking advantage of DeFi lending protocol Helio, which did not have up-to-date pricing on aBNBc post-crash.

The trader was also able to use the pre-crash pricing for aBNBc to borrow $16 million of the little-traded HAY stablecoin and convert that into BUSD. Since then, the HAY stablecoin has been tossed off its peg, hitting a low of 20 cents, and is now recovering, according to CoinMarketCap, with a price of 77 cents.

UPDATE (Dec. 2, 07:35 UTC): Added comment from Binance's CEO.

UPDATE (Dec. 2, 12:49 UTC): Updates headline and story to include Ankr response, new details.