Quick take:
- Ankr said approximately $5 million was stolen in the aBNBc smart contract exploit.
- The company is currently identifying liquidity providers affected by the hack so that it can compensate them.
- The hacker stole the private key of Ankr deployer and minted an infinite number of aBNBc tokens.
Ankr has provided an update to the $5 million exploit that occurred on the aBNBc token smart contract. The web3 infrastructure developer said it is working to resolve the issue completely after taking measures to limit the impact of the attack.
According to Ankr, the attacker used the aBNBc smart contract to create an infinite number of tokens. On-chain researcher, Lookonchain on Twitter said a figure of 10 trillion aBNBc tokens were minted as of Dec 1. In its report on Friday, Ankr said the attacker minted a whopping 60 trillion aBNBc tokens across six different transactions.
According to the on-chain researcher, the attacker then transferred the tokens to himself, before transferring 1.125 BNB to the hacker address as gas fees.
He then started dumping the tokens for stablecoin USDC, moving them off the BNB Chain and onto the Ethereum network before the transactions were flagged.
According to Lookonchain, the attacker managed to exchange a total of 4,050,500 $USDC and 5,000 $BNB ($1.5M). Another 4,500 $BNB were exchanged for 1,293,087 $USDC, while 900 $BNB were deposited into the US-sanctioned crypto mixing platform Tornado Cash.
Apart from aBNBc, the company said no other liquid staking tokens or Ankr products were affected. “Likewise, Ankr’s validators, RPC API, and AppChain services continue to operate without any disruptions,” Ankr wrote in a report following the attack.
Some of the steps taken to ensure no other products and tokens were affected included alerting known off-ramps to halt trading while the attack was ongoing, securing smart contracts with new keys and updating smart contracts to halt the movement of the underlying collateral (BNB).
Looking forward, Ankr said it continues to take steps to put the incident to rest. “The team at Ankr is working hard to resolve this issue completely and efficiently. We have taken the necessary steps to offset the loss of funds and resolve the attack.”
As part of the compensation process, the company plans to purchase $5 million worth of BNB and use it to compensate the decentralised exchanges (DEXes) affected by the attack. However, the company warned those who incurred losses while trying to profit from the incident will not be compensated.
“We understand diluted aBNBc was speculatively traded after the exploit occurred, but we are only able to compensate LPs caught off guard by the event,” Ankr wrote in the update.
Ankr said it will discontinue the aBNBc and the aBNBb tokens immediately. In exchange, ankrBNB tokens will be minted and airdropped to “affected aBNBc and aBNBb users.”
****
Sign up to the world’s biggest crypto exchange Binance to buy and sell cryptocurrencies.
Stay up to date:
