- Ankr was the victim of a hack that cost the project losses of over $5 million.
- The team briskly patched the exploit within hours.
- Ankr says it will compensate all users for their losses and discontinue the affected token to prevent future occurrences.
A security breach nearly sent Ankr underwater, but the team’s timely intervention saved the day.
On Dec 1, Ankr identified a security breach on the project in which bad actors were able to gain internal access and steal tokens. According to a report by the team, the hackers were able to access the private developer key and modify the smart contract for aBNBc, Ankr’s BNB liquid staking token.
This modification gave the bad actors the power to create an unlimited amount of the token from thin air using an infinite bug. Over 60 trillion tokens were generated with the hackers converting the tokens to the USDC stablecoin.
A stitch in time saves nine
$5 million worth of USDC was moved off Binance Smart Chain to Ethereum before the transactions were flagged, potentially saving the project a fortune. Ankr noted in their report that they “alerted known off-ramps to implement their emergency plans’” which halted trading.
Extra steps were taken to mitigate the loss of funds, like using a new key to secure smart contracts and updating all systems to “temporarily pause the movement of the underlying collateral (BNB) to be safe.” The team noted that parties providing liquidity to decentralized exchanges supporting the affected tokens had been duly notified of the development.
“Ankr will purchase $5 million worth of BNB and use this to compensate the liquidity providers that have been affected by the exploit due to drainage of liquidity pools,” said Ankr in a statement. “We understand diluted aBNBc was speculatively traded after the exploit occurred, but we are only able to compensate LPs caught off guard by the event.”
Ankr says it will discontinue the affected tokens immediately, noting that it will use a snapshot to identify the affected liquid provider. The project allayed users’ fears by confirming that funds and underlying assets are safe and users “will retain their positions from before.”