Ankr Confirms $5M Crypto Hack Was an Inside Job

Ankr Confirms M Crypto Hack Was an Inside Job

Cryptocurrency startup Ankr says a former employee instigated the theft of $5 million from its platform earlier this month. Code that enabled unlimited token minting, implemented in the Binance branded BNB chain. On Tuesday’s blog, the Decentralized Finance Protocol said a former team member was behind the attack. He did not name or identify the person.

“A former team member (no longer with Ankr) misdirected a supply chain attack by inserting a malicious code package that could compromise our private key once a legitimate update was performed,” said Ankr.

Crypto intelligence agency Arkham had already identified the possibility of an inside job after detectives on the chain linked related transactions to an Ankr implementer. Ankr added, “Unfortunately, bad internal actors can affect any protocol, and we are working to strengthen HR processes and security measures to strengthen our security posture going forward.” The team is now working with the police to locate the former member Ankr said the attacker “minted surplus aBNBc out of thin air” by uploading a new contract that allows minting without authorization checks.

They exchanged it for other tokens on decentralized exchanges. In total, the attacker minted 60 billion aBNBc in six transactions. They swapped some for USDC before pinning the stablecoins to Ethereum and washing them through crypto mixer Tornado Cash.

Ankr reimbursed affected users with crypto

Shortly after the Ankr hack, a second vulnerability emerged in the Helio staking platform, which failed to update the prices of Ankr-related tokens, although aBNBc fell by more than 99% from $303 to $10.54 had fallen. This allowed users to borrow their $16 million native HAY stablecoin using affected Ankr tokens as collateral. They then exchanged those funds for $15 million in BinanceUSD (BUSD), according to blockchain analytics firm BlockSec, before sending the loot to Binance. Ankr then implemented a community recovery plan that compensated its liquidity providers, lenders, and other users affected by the exploit.

The team also helped stabilize HAY after the stablecoin was debugged, although the token has yet to recover its predicted dollar value fully and is now trading just above $0.99. In any case, Ankr hopes that multi-sig authentication for updates guarantees something similar. Attacks will be prevented in the future. The team also implements background checks on employees and checks access rights.

Share to Social Media

Recent Articles

Join Our Newsletter