Australia markets open in 5 hours 33 minutes
  • ALL ORDS

    7,740.50
    +27.40 (+0.36%)
     
  • AUD/USD

    0.6941
    -0.0019 (-0.27%)
     
  • ASX 200

    7,530.10
    +26.00 (+0.35%)
     
  • OIL

    77.87
    +0.73 (+0.95%)
     
  • GOLD

    1,889.10
    +4.30 (+0.23%)
     
  • BTC-AUD

    33,100.92
    -171.35 (-0.51%)
     
  • CMC Crypto 200

    529.60
    -7.29 (-1.36%)
     

DeFi Protocol Ankr to Reimburse Users Affected by $5M Exploit

Decentralized finance (DeFi) protocol Ankr said it will reimburse the users impacted by the $5 million exploit that occurred on its platform earlier Friday.

"We will take a snapshot and reissue ankrBNB to all valid aBNBc holders before the exploit. The ankrBNB token will continue to be redeemable, while aBNBc and aBNBb will no longer be redeemable," Ankr said in a tweet after the exploit.

This content is not available due to your privacy preferences.
Update your settings here to see it.

Ankr, which called itself the first "node-as-a-service" platform, had suffered the multimillion-dollar exploit due to a bug in its code that allowed for unlimited minting of its token.

After minting the quadrillions of aBNBc token, the attacker was able to swap 20 trillion of them for BNB, then move those to crypto mixer Tornado Cash. The attacker then swapped the BNB tokens for 5 million USDC.

Because the hacker almost completely drained the aBNBc liquidity pools on PancakeSwap and ApeSwap, the token lost nearly 99% of its value, according to CoinGecko data.

According to security research firm PeckShield, the code behind the Ankr contract allows any user to mint an unlimited amount of the protocol’s reward-bearing staking tokens without any sort of verification. This allowed the attacker to mint six quadrillion of the aBNBc token.

Ankr tweeted that all staked assets within the protocol are currently safe. Binance CEO Changpeng Zhao tweeted that his exchange had frozen $3 million that had been sent to his exchange by the hackers.

Ankr on Nansen. (Nansen)
Ankr on Nansen. (Nansen)

Secondary exploit

On-chain analyst firm Lookonchain reported that one opportunistic trader was able to cash in on the exploit and turn 10 BNB ($2,885) into 15.5 million BUSD. The trader did this by taking advantage of DeFi lending protocol Helio, which did not have up-to-date pricing on aBNBc post-crash.

The trader was also able to use the pre-crash pricing for aBNBc to borrow $16 million of the little-traded HAY stablecoin and convert that into BUSD. Since then, the HAY stablecoin has been tossed off its peg, hitting a low of 20 cents, and is now recovering, according to CoinMarketCap, with a price of 77 cents.

UPDATE (Dec. 2, 07:35 UTC): Added comment from Binance's CEO.

UPDATE (Dec. 2, 12:49 UTC): Updates headline and story to include Ankr response, new details.