Ankr Hack - The Latest DeFi Platform to Suffer from Exploit Vulnerability

DeFi hackers have exploited the Ankr Procotol, minting 6 quadrillion aBNBc tokens

While all eyes have been on Sam Bankman-Fried and the FTX collapse, DeFi hackers have taken advantage by exploiting the Ankr Procotol.

The full details are still coming in but there was a major exploit on Ankr Protocol. On Dec. 2, the development team reported that its aBNB token had been exploited and they were working with exchanges to halt trading.

Ankr released a statement assuring that all assets on Ankr Staking are safe and sound and that infrastructure services have not been impacted.

What is the Ankr DeFi Protocol

Ankr is a web3 infrastructure provider for the BNB Chain ecosystem. It offers a cloud computing platform that distributes idle computing power, as well as a variety of staking and yield-earning options on BEP-20 tokens. Its native ANKR token can be mined by contributing computing power to the network.

Ankr's goal is to create a cloud computing platform that can be adopted by developers and businesses. It plans to offer decentralized applications (DApps) and services that are secure, cost-effective, and easy to use.

The Ankr team claims it has created the first fully automated staking protocol on BNB Chain,  allowing users to stake tokens with just a few clicks and begin earning rewards.

Ankr's Infinite Mint Hack

The attacker managed to mint 6 quadrillion aBNBc tokens. The hackers were able to swap 20 trillion of them for BNB. They then moved those to crypto mixer Tornado Cash before swapping the BNB tokens for 5 million USDC.

According to CoinGecko data, the hacker caused aBNBc's value to drop by nearly 99% after draining PancakeSwap and ApeSwap's liquidity pools.

According to the details released by security research firm PeckShield, this code exploit allows anyone (no verification required) to create an unlimited number of Ankr's staking tokens, which give rewards. This allowed the attacker to make six quadrillion aBNBc tokens.

The 20 trillion aBNBc tokens acquired makes the hacker the 13th largest holder of the token.

Binance Pauses Withdrawals Amidst Hack

Binance CEO Changpeng Zhao stated that his exchange had frozen $3 million that had been sent to his exchange by the hackers.

Zhao tweeted: "Initial analysis is developer private key was hacked, and the hacker updated the smart contract to a more malicious one. Binance paused withdrawals a few hours ago. Also froze about $3m that hackers move to our CEX."

A Secondary Exploit in Ankr's Protocol?

On-chain analyst firm Lookonchain has indicated that an individual was able to take advantage of a loophole and make a massive profit of 15.5 million BUSD from an initial investment of only 10 BNB ($2,885). This was made possible due to Helio's outdated pricing protocol which didn't reflect the current market value of aBNBc post-crash.

The trader took advantage of the pre-crash prices for aBNBc to borrow $16 million worth of HAY stablecoins and convert them into BUSD. The value of the HAY stablecoin has since plummeted, hitting a low of 20 cents before beginning to recover. According to CoinMarketCap, it is now trading at 77 cents.

Combatting DeFi Hacking

As we know it is extremely difficult to hack a blockchain but that doesn't mean that hackers can't turn their attention towards linked vulnerable protocols like crypto wallets, cryptocurrency exchanges and in this case DeFi protocols.

So what can be done to guard from DeFi hacks in the future?

Ankr has already taken steps to compensate users who were affected by the hack and has implemented additional security measures to prevent future exploits.

Other DeFi projects should take Ankr as a warning and take extra precautions when it comes to their smart contracts. Protocols should be tested thoroughly, code audited regularly and new features launched with an abundance of caution.

As Hackers become smart and smarter, the industry must react by ensuring that the platforms and services released do not hold ANY vulnerabilities.

Finally, users themselves should research thoroughly before participating in DeFi protocols. Make sure to read all terms and conditions before committing funds and always practice good security hygiene by keeping your private keys safe and never revealing them to anyone.

About the Author

James Killick

Founder of Chainwiz and crypto tech specialist.