Ankr verifies the exploit and requests a trade stop immediately
The decentralized finance system has announced that it is collaborating with exchanges to immediately cease trade of its BNB staking rewards currency, aBNBc.
Ankr, a BNB Chain-based decentralised finance (DeFi) system, announced that it was the victim of a multimillion-dollar attack on December 1.
The attack seemed to have been identified for the first time by on-chain security analyst PeckShield at about 12:35 UTC on December 2.
Within an hour after the hack, Ankr acknowledged on Twitter that the aBNB token has been compromised and is collaborating with exchanges to promptly cease trade of the token.
Additionally, it emphasised in a subsequent statement that “all underlying assets on Ankr Staking are secure and all infrastructure services are unaffected at this moment.”
In comments to Cointelegraph on the hack, blockchain security company Beosin claimed that the exploit was likely the result of flaws in the smart contract code mixed with compromised private keys, which may have resulted from a technical update performed by the Ankr team around 12 hours ago.
Beosin also stated that the mass minting incident led the price of aBNBc to drop 99.5% in a matter of hours, from $303.89 to $1.53, according to CoinMarketCap statistics.
“It is probable that the deployer’s private key was revealed in this update, allowing an attacker to change the contract using deployer privileges,” a Beosin representative informed Cointelegraph.
In a tweet dated 2 December, the cryptocurrency exchange Binance verified that its staff is collaborating with appropriate parties to examine the problem further and that user money is not in danger. The BNB Chain Twitter feed also revealed that the wallet address of the exploiter has been banned.