On Friday, Binance’s CEO Changpeng Zhao announced that the cryptocurrency exchange has paused withdrawals following the hack on BNB Chain-based decentralized finance (DeFi) protocol Ankr. Via a tweet, he shared, “Initial analysis is developer private key was hacked, and the hacker updated the smart contract to a more malicious one.”
Possible hacks on Ankr and Hay. Initial analysis is developer private key was hacked, and the hacker updated the smart contract to a more malicious one. Binance paused withdrawals a few hrs ago. Also froze about $3m that hackers move to our CEX.
Ankr has confirmed the multi-million dollar hack on its platform on December 1st. The hack which was first discovered by on-chain security analyst PeckShield at about 12:35 am UTC on December 2nd saw the hacker allegedly able to mint 20 trillion Ankr Reward Bearing Staked BNB (aBNBc), which is a reward-bearing token for BNB staked on the protocol. Ankr has, however, confirmed through a tweet that the aBNB token was exploited and that it is working with exchanges to immediately stop the trade of the token which has been compromised.
According to a tweet from on-chain analysis firm Lookonchain, The hacker used services such as Uniswap, Tornado Cash, and different bridges to swap and hide the funds in order to gain about $5 million worth of USD Coin.
Blockchain security firm Beosin suggested that the hack was a result of the vulnerabilities in the smart contract code combined with compromised private keys, which may have appeared from a technical upgrade from Ankr’s team about 12 hours before the incident. It also noted that this mass minting pushed the price of aBNBc to fall 99.5% from $303.89 to $1.53 in a matter of hours, according to data from CoinMarketCap. “It is possible that the deployer’s private key was exposed in this upgrade, leading to an attacker using deployer privileges to modify the contract,” a Beosin spokesperson said.
The BNB Chain Twitter page also stated that the exploiter’s wallet address has been blacklisted.
We are aware of the attack on @ankr's aBNBc that happened earlier today, leading to a substantial amount of new aBNBc being minted. The exploiter has been blacklisted. Our community is on top of it, coordinating a response. We will provide more updates as they become available.
Ibhadojemu Lucky Emmanuel is a graduate of Education and Economics from the University of Benin. He has a passion for tech and business and has been writing professionally for over a period of five years. He's written across various topics and segments and knew tech-business was it when he first stumbled on it. He has a great passion for music and arts, and wants to visit as many countries as he can someday.
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behaviour or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
